New server is coming online later today (next 12 hours roughly). Was having some difficulties getting our pfSense VM frontend to properly connect to the outside world last night, and I was not going to put up a brand new server configuration before getting some sleep.
Once this is all resolved and you've had some much-deserved rest, it would be great if you wrote up a synopsis of the experience with an emphasis on how to stop/prevent these attacks. It seems like information about how to perpetrate a DDoS is easy to find, but information on what to do if you are the victim of one is conflicting, confusing, and vague.
Hang in there!
Honestly, there are only four options for fighting a DDoS:
1) Wait it out
2) Pay for bigger pipes and hope they're bigger than what the DDoSer has access to.
3) Pay for an ISP that has perimeter level filters to stop the DDoS at the frontend pipes rather than your personal server.
4) Both 2 and 3 combined.
A DDoS cannot be filtered at the server level, or by adding a firewall in front of your server, no matter what people claim. Your ISP is only giving your server(s) access to a certain size pipe. If you fill it, you're essentially offline. A DDoS can flood the pipe even if you are blacklisting them, because your blacklist will not take effect until it's in your pipe.