Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
I mean if they don't even HAVE a new load balancer ... I'm not sure the network guys could do it if they weren't lazy...
-
@N00bPancakes I'm happily uninvolved in that portion of our happy little disaster but as far as I'm aware they just need to install the software and replicate our current settings in whatever new system they have in mind
-
@AtuM these guys are like COBOL cowboys but for visual basic asp. I hate it here, leaving as soon as I can.
-
hack64144yWow.. Its not even DDoS protection. It's just a security patch to block brute force password attacks.
-
Root797674yYeah, that isn’t going to do much.
Whatever, DDoS’s are pretty rare unless you’re doing something to piss someone off. You can probably just wait for it to pass and you’ll be good.
But like.
No load balancer?
You must not get much traffic. -
@Root we have LB. We don't have a NEW one. Ours doesn't work extremely well for our needs. Apparently.
-
Just get behind Cloudflare and be done with it...
The only viable approach to security is "never re-invent the wheel" -
@hamido-san
Lotta IT guys out there who I think are masochists and I think want to build their own cloudflare at work .... and complain about it rather than use cloudflare .. it's weird. -
Root797674y@N00bPancakes Cloudflare is both terrible and terrifying. Why? It quite literally breaks SSL in the name of “security.” It provides protection against automated attacks (which aren’t likely to target your servers anyway) by stripping away literally everyone’s privacy.
It’s an unimaginably high price for something you very likely don’t need, and it comes with dire consequences. Again, why? Not only does a third party have access to all of your users’ traffic, but getting used to this idea leads directly to believing “only the guilty have something to hide.”
And another question: what does cloudflare do with that traffic? And who else would pay to share that access? And how much? And further: who has leverage (legal, quasi, or otherwise) over them? -
@Root I wouldn't be the most surprised man in the world if the government helped them build their little backbone network for a taste of that delicious user data
-
sariel84474yWhy not install an intelligent waf and have it deal with the rejections?
Most new products have a learning mode that allows you to run it passively and then make your block changes before you turn on active blocking.
It's a pita for like a week after that, but it's better than not doing anything. -
mundo0349114yBest DDOS protection: Shut it down, nothing can get to it if it is offline.
You are welcome.
Related Rants
We got DDoS attacked by some spam bot crawler thing.
Higher ups called a meeting so that one of our seniors could present ways to mitigate these attacks.
- If a custom, "obscure" header is missing (from api endpoints), send back a basic HTTP challenge. Deny all credentials.
- Some basic implementation of rate limiting on the web server
We can't implement DDoS protection at the network level because "we don't even have the new load balancer yet and we've been waiting on that for what... Two years now?" (See: spineless managers don't make the lazy network guys do anything)
So now we implement security through obscurity and DDoS protection... Using the very same machines that are supposed to be protected from DDoS attacks.
rant
fucking kill me