Really not that simple

More sophisticated DDoS attacks can spoof the From IP address on the packets that are overwhelming the victim's bandwidth.

Blocking the IP address just results in them changing it to another fake address.

These attacks can also come in waves, so by the time you finally build a filter to block the malicious traffic, they have already changed the attack to list a different From address or application type for the traffic.

There is no perfect way to stop it, but many ISPs now offer DDoS scrubbing at the network level before the traffic even hits your equipment. Filters are based on normal traffic patterns and can be initiated immediately upon an attack. These can be very costly services though (thousands of dollars per month), which small-scale websites aren't likely to pay for.
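The contrast drawn in the comment above, as an added example that is not part of the original post: a source-IP blocklist built during one wave is compared with a filter keyed on a learned baseline of normal traffic. All packets, addresses, ports and the `headroom` factor are constructed for illustration, and the baseline filter is a deliberate simplification of what a scrubbing service does.

```python
from collections import Counter

def spoofed(n, start):
    # Constructed spoofed sources: every packet claims a different address.
    return [f"198.18.{(start + i) // 256 % 256}.{(start + i) % 256}" for i in range(n)]

def second_of_traffic(flood_port, n_flood, ip_start):
    # One second of constructed traffic: 20 legitimate HTTPS packets plus a UDP flood.
    legit = [(f"203.0.113.{i % 5 + 1}", "tcp", 443) for i in range(20)]
    return legit + [(ip, "udp", flood_port) for ip in spoofed(n_flood, ip_start)]

def learn_baseline(normal_seconds):
    # Peak packets per second per (protocol, port) class during normal operation.
    peak = Counter()
    for second in normal_seconds:
        for cls, n in Counter((proto, port) for _, proto, port in second).items():
            peak[cls] = max(peak[cls], n)
    return peak

def blocklist_filter(packets, blocked):
    return [pkt for pkt in packets if pkt[0] not in blocked]

def baseline_filter(packets, baseline, headroom=2):
    # Admit at most headroom x baseline packets per class per second.
    # The claimed source address is never consulted, so spoofing it changes nothing.
    seen, passed = Counter(), []
    for pkt in packets:
        cls = (pkt[1], pkt[2])
        seen[cls] += 1
        if seen[cls] <= headroom * baseline.get(cls, 0):
            passed.append(pkt)
    return passed

def compare():
    normal = [second_of_traffic(53, 0, 0)]        # no flood: legitimate traffic only
    wave1 = second_of_traffic(53, 1000, 0)        # first wave
    wave2 = second_of_traffic(123, 1000, 5000)    # new fake addresses, new application type
    blocked = {ip for ip, proto, _ in wave1 if proto == "udp"}  # filter built from wave 1
    by_baseline = baseline_filter(wave2, learn_baseline(normal))
    by_blocklist = blocklist_filter(wave2, blocked)
    return {
        "blocklist_flood_passed": sum(p[1] == "udp" for p in by_blocklist),
        "baseline_flood_passed": sum(p[1] == "udp" for p in by_baseline),
        "baseline_legit_passed": sum(p[1] == "tcp" for p in by_baseline),
    }

if __name__ == "__main__":
    print(compare())
```
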

