How to anti ddos?
59 views
Skip to first unread message
ting chiang
Oct 17, 2017, 2:38:01 PM10/17/17
to gce-discussion
I used gce 4vcpu 8g ram in Taiwan
download bandwidth about 120mbps
I saw some documentation like this
https://cloud.google.com/files/GCPDDoSprotection-04122016.pdf?hl=zh-tw
Now I set up
1. firewall rule - only access Taiwan IP, only open 3 TCP port.
2.pub/sub
3.api rate limit
These can anti some ddos.
But still have some ddos method like "tcp-ack" "LDAP" etc..
And I used wireshark to catch attack's IP.
I saw about 15,000 attack's IP from Taiwan.
How can I anti ddos?
Thank you
download bandwidth about 120mbps
I saw some documentation like this
https://cloud.google.com/files/GCPDDoSprotection-04122016.pdf?hl=zh-tw
Now I set up
1. firewall rule - only access Taiwan IP, only open 3 TCP port.
2.pub/sub
3.api rate limit
These can anti some ddos.
But still have some ddos method like "tcp-ack" "LDAP" etc..
And I used wireshark to catch attack's IP.
I saw about 15,000 attack's IP from Taiwan.
How can I anti ddos?
Thank you
Marilu (Cloud Platform Support)
Oct 17, 2017, 10:28:09 PM10/17/17
to gce-discussion
Hello Ting,
The link that you already provided has plenty of information on the best practices to protect from DDoS attacks. As per the information provided, you have configured already your GCE instance to allow traffic only from specific IP in Taiwan and limited the ports to the ones that you might need. Besides this, you might want to consider deploying third-party DDoS protection solutions as described in the link.
However, DDoS attacks are performed on any public IP, which could be hosted on any cloud infrastructure or on-premise servers and you can't prevent this from happening but rather protect your instances from suffering from them.
I hope this information helps.
Marilu
Reply all
Reply to author
Forward
0 new messages