Hacker News new | comments | ask | show | jobs | submit login

How do larger companies (like Basecamp) prepare for these kinds of risks? Do they contract with DDoS mitigation firms beforehand, or do most tend to hire help only when they are actually attacked?

DDOS firms (prolexic etc) are really expensive, I would imagine they do it on an as-needed basis. From my experience working at a datacenter, the first line of defense are the techs in the datacenter, for most attacks, they can blackhole offending IPs etc, and mitigate it. When it gets to the point of being something huge though, like the meetup.com attack, I would imagine they call in an outside firm.

Surprisingly, they usually don't.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact