Most webmasters & servers admin think blocking incoming UDP ports
save them from UDP DDoS attacks, The question is, Is it true? The answer
is Yes and No
Yes, if the attack size is small and around 10K PPS or 50Mbps, What about greater attacks? 1Gbps, 10Gbps or more.
No, When the attack size is large, no matter if you block incoming UDP port at server or router level, at all you will have some issue. You may feel low connection speed and next level will be null routing your server IP by your data center. So why they do it? this is because the traffic still reach their network and they have to pay for it, so they have to null route your server IP to avoid it.
The solution is to place your website or server at DDoS protected network, DDoS protected network equipped with latest hardware and technology needed for DDoS protection, They block the attack instead of null routing your server or website IP.
Yes, if the attack size is small and around 10K PPS or 50Mbps, What about greater attacks? 1Gbps, 10Gbps or more.
No, When the attack size is large, no matter if you block incoming UDP port at server or router level, at all you will have some issue. You may feel low connection speed and next level will be null routing your server IP by your data center. So why they do it? this is because the traffic still reach their network and they have to pay for it, so they have to null route your server IP to avoid it.
The solution is to place your website or server at DDoS protected network, DDoS protected network equipped with latest hardware and technology needed for DDoS protection, They block the attack instead of null routing your server or website IP.
