We block all unnecessary traffic (ICMP, UDP, and unused TCP ports) at the edge routers, so it never reaches the server.

What DDoS attack vectors do you mitigate, and how? Assume only the ports in use are open to the internet (7171 and 7172) using the latest TFS (which has a max packet rate per sec before closing a connection).
You can be as technical as needed about this.

The web server (the only thing visible to the Internet besides TFS) is configured with appropriate rate limits so that it doesn't overload the server.
For open TCP ports we have automatic malicious packet discovery which drops unwanted packets also at the edge routers (SYN floods, etc.).
In case of the most popular types of attack (port 80) we also have alternative measures as needed.