Notes on DDoS mitigation

[joncamfield]

(sent in via private email)

- First sentence, "citizen" -> "citizens"

- I think making the point that the time to document contacts at
  hosters, service providers, registrars, etc. is before an attack
  starts, not after.

- Looking at "change DNS TTL to 1 hour," I think this is something
  that could be done now in preparation for an attack. How would be
  the best way to get this prep/not-reactive advice out? Perhaps add
  a "preparing for attack" section at the top of the DFAK?

- DDoS and site takedowns and defacements don't feel like the same
  issue to me and I wouldn't have clicked into DDoS mitigation to
  find docs on the latter two. Maybe split this up or rename the
  topic?

- This text "It is very important to keep payments for your domain
  name in order." is another statement that would be useful in a
  "preparing for attack" section.

- For DDos Mitigation services, Con #3 says SSL will be decrypted
  briefly, which means that the provider must have a copy of your
  SSL private key which is itself a con. That said, this isn't the
  case for NSP-type DDoS mitigation services that work at the TCP
  level instead.

- The link for "Go straight to the Responding to a Denial of Service
  Attack section" takes the reader to the github page, which doesn't
  feel intended.