Alexandre Egger wrote: [..]
However, IMHO DDoS attacks are just like spam, nobody can really pretend to be able to stop them as of today.
There is a semi-partial solution which will cost you some cash, like every other 'solution': anycast your network.
(Thus you are doing your own ISP and in grand grand scale...)
That way, like what the happysex site but only for Switzerland, you 'localize' the problem. If a DDoS network then attacks your site, they only attack one of the various versions, you close upstream and therefore take out the largest part of the DDoS botnet being able to attack you. The other versions are then not affected and you limit what gets hit.
This of course requires you to have a huge amount of nodes around the world, generally nodes close to your users and of course a redundant way to distribute your data, synchronise it etc etc etc which can be fun challenges. And it of course all breaks down when the ISP you are hosting at gets pressured into taking your site offline...
Thus works for the big boys, but not for the small ones (anybody doing a PhD thesis on how monopoly on the Internet works and the relation of the big ISPs with criminals to force smaller ISPs to die off... ? :)
Greets, Jeroen