Let me first say it has been a while since I did Networking at University, so I may be blatantly wrong. Basically the problem is, every now and then one of our servers gets attacked (DoS/DDoS). We have a good relationship with our datacenter, and they have agreed not to charge us in this eventuality and just use nullroutes to prevent any traffic making it through to their routers. However, we need to ask for these, and they take time. A possible solution was drawn up where, when an attack is detected and it is of sufficient volume that IPTables alone won't suffice, we remove the IP address from the network adapter. This should in theory remove the IP from the ARP table and hence the traffic is not routed to our port. Of course the switches/routers will be under load, but no more than they otherwise would be had we not taken this action. From our experience, other servers on the same VLAN (oh yes, the VLAN is shared!) are usually unaffected when we are having issues. So the switches should be able to take it, we hope. Is there anything fundamentally wrong with this plan? What could possibly interfere? What questions should we ask our host about their networking to ensure this is indeed possible?
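The mechanism the question describes, as an added example that is not part of the original thread: sample the interface's receive counter twice, and if the inbound rate exceeds a threshold, withdraw the attacked address from the NIC with iproute2. Once the host stops answering ARP for that address, the upstream router's ARP entry ages out and it can no longer forward the flood to this port (the flood still arrives at the router itself until a nullroute is in place). It assumes Linux with `ip` available and counters under `/sys/class/net`; `IFACE`, `VICTIM_IP` (a TEST-NET-1 placeholder) and `THRESHOLD_BPS` are constructed values to replace with your own, and `DRY_RUN=1` prints the command instead of running it so the logic can be exercised safely.

```shell
#!/bin/sh
# Added example, not from the original post. Withdraw a server's IP address
# from its NIC when the inbound byte rate on the interface exceeds a threshold.
# Assumes Linux + iproute2. The three values below are placeholders.

IFACE="${IFACE:-eth0}"
VICTIM_IP="${VICTIM_IP:-192.0.2.10/24}"        # constructed placeholder (TEST-NET-1)
THRESHOLD_BPS="${THRESHOLD_BPS:-100000000}"    # bytes/s; 100 MB/s is ~800 Mbit/s

# Bytes received so far on the given interface (kernel counter).
rx_bytes() {
    cat "/sys/class/net/$1/statistics/rx_bytes"
}

# Inbound rate in bytes per second from two counter samples
# taken $3 seconds apart: rate_bps BEFORE AFTER INTERVAL
rate_bps() {
    echo $(( ($2 - $1) / $3 ))
}

# True (exit 0) when the measured rate $1 exceeds the threshold $2.
over_threshold() {
    [ "$1" -gt "$2" ]
}

# Remove address $1 from interface $2. With DRY_RUN=1 only print the command,
# so this function can be tested without touching a real interface.
withdraw_address() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "ip addr del $1 dev $2"
    else
        ip addr del "$1" dev "$2"
    fi
}

# One monitoring pass: sample, wait, sample again, act if over threshold.
main() {
    interval=5
    before=$(rx_bytes "$IFACE")
    sleep "$interval"
    after=$(rx_bytes "$IFACE")
    rate=$(rate_bps "$before" "$after" "$interval")
    if over_threshold "$rate" "$THRESHOLD_BPS"; then
        logger -t ddos-guard "inbound $rate B/s on $IFACE exceeds $THRESHOLD_BPS; withdrawing $VICTIM_IP"
        withdraw_address "$VICTIM_IP" "$IFACE"
    fi
}

# Run the monitor only when this file is executed as ddos-guard.sh,
# so the functions can also be sourced and tested on their own.
case "$0" in
    */ddos-guard.sh|ddos-guard.sh) main ;;
esac
```

Save it as `ddos-guard.sh` and run it from cron or a loop to get a single check per invocation; the address has to be added back by hand (or by a matching `ip addr add`) once the datacenter's nullroute is in place, and the threshold should sit well above the server's legitimate peak so normal traffic spikes never trigger it.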
Hello. Well, to be perfectly honest with you, you could stop the attacks with software like Dos Deflate or CSF Firewall, to help prevent those attacks on your servers, if configured correctly to do so. Regards, Adam