Page 1 of 2 12 LastLast
Results 1 to 25 of 29
  1. #1

    25Gbps DDoS - Solutions

    Is there anything that can be done about this?

    http://www.zimg.eu/i/1080375700

  2. #2
    Join Date
    Feb 2004
    Location
    Atlanta, GA
    Posts
    5,662
    sure, stop what ever the activity is that attracts that kind of attack

  3. #3
    Quote Originally Posted by RyanD View Post
    sure, stop what ever the activity is that attracts that kind of attack
    It's my business, it can't stop.

    My site is still up strangely enough...

  4. #4
    Join Date
    Jan 2010
    Location
    Indiana, USA
    Posts
    214
    Thats one hell of an attack. I dont know if there is really anything that could stop that.

  5. #5
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,822
    Quote Originally Posted by jscott04 View Post
    Thats one hell of an attack. I dont know if there is really anything that could stop that.
    There is, but such solutions are extremely expensive.
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
    Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.

  6. #6
    Join Date
    Feb 2010
    Location
    Exotic
    Posts
    1,068
    Quote Originally Posted by misspink View Post
    My site is still up strangely enough...
    Are you sure that the measurement is accurate? I have seen faulty bandwidth monitors once or twice before.

  7. #7
    Join Date
    Sep 2008
    Posts
    104
    And I figure I have been hit hard in past 3 days heheh 25GB attack not a joke.
    Wonder what king bussiness do you run .

  8. #8
    Join Date
    Jan 2008
    Location
    Europe
    Posts
    779
    Yeah if your site is still up I highly doubt that's accurate.

    For DDoS protection I highly recommend Gigenet. I've also heard good things about Staminus. And awknet if you're on a budget.

    But stay away from ServerOrigin (they resell BlackLotus so might be an idea to stay away from them too, however I can't be sure if the problems we had with SO were directly related with BL or not).

  9. #9
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Quote Originally Posted by sam250 View Post
    Yeah if your site is still up I highly doubt that's accurate.

    For DDoS protection I highly recommend Gigenet. I've also heard good things about Staminus. And awknet if you're on a budget.

    But stay away from ServerOrigin (they resell BlackLotus so might be an idea to stay away from them too, however I can't be sure if the problems we had with SO were directly related with BL or not).
    A couple points of clarification:

    1) ServerOrigin does not resell Black Lotus, they buy our transit.

    2) Even if they were reselling Black Lotus, they're not Black Lotus so how are you in good conscience going to put out a warning to stay away from us?

  10. #10
    Join Date
    Aug 2008
    Posts
    536
    Quote Originally Posted by misspink View Post
    It's my business, it can't stop.

    My site is still up strangely enough...
    On what are you running the website? A 25 Gbit DDoS is by far to much for a normal server, so what setup are you using?
    Regards,
    Yourwebhoster.eu [NL] based hosting
    Shared | Reseller | KVM VPS | Reseller VPS

  11. #11
    Join Date
    Jan 2008
    Location
    Europe
    Posts
    779
    Quote Originally Posted by IRCCo Jeff View Post
    Even if they were reselling Black Lotus, they're not Black Lotus so how are you in good conscience going to put out a warning to stay away from us?
    If a company is reselling a provider and the service is bad then both parties are responsible, unless its something that the provider has no control over of course (like support).

    However seeing you have clarified they don't resell I withdraw my previous statement, I apologise if it looked like I was trying to warn people away from you directly, that was not my intention (notice the 'might be an idea' and 'cant be sure' part) my intention was simply to warn people to stay away from ServerOrigin, and any service directly related to them.

  12. #12
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Quote Originally Posted by sam250 View Post
    If a company is reselling a provider and the service is bad then both parties are responsible, unless its something that the provider has no control over of course (like support).

    However seeing you have clarified they don't resell I withdraw my previous statement, I apologise if it looked like I was trying to warn people away from you directly, that was not my intention (notice the 'might be an idea' and 'cant be sure' part) my intention was simply to warn people to stay away from ServerOrigin, and any service directly related to them.
    Just to cite a random example, let's say you're a reseller for a provider and you decide to oversell the bandwidth or improperly configure other aspects of the service. Does that make your provider responsible for your service level?

  13. #13
    Join Date
    Aug 2008
    Posts
    176
    I have to wonder if this...

    1. A joke

    2. an incorrect bandwidth reading...

    And as fair as I know if someone really had that big of an attack they are going to pay out the nose to mitigate it. Staminus offers a 10 gig/ 1 million packet per second proxy at $12,050 a month and $12,050 for setup. So I would expect to pay double to quadruple for something in the 20 gigs plus range.

    I seriously wonder if this is just a mistake somewhere along the lines. I don't know any website could be up under such an attack.
    Last edited by ShaunH; 05-21-2011 at 08:23 AM.

  14. #14
    Join Date
    Jan 2008
    Location
    Europe
    Posts
    779
    Quote Originally Posted by IRCCo Jeff View Post
    Just to cite a random example, let's say you're a reseller for a provider and you decide to oversell the bandwidth or improperly configure other aspects of the service. Does that make your provider responsible for your service level?
    No, of course not, as I said in my previous post, if the provider that is being resold has no control over the area of the service that is problematic then they're not at fault.

    However, its inevitable that even if the resold provider isn't at fault, they're still going to look bad as the reseller is giving them a bad name.
    Last edited by sam0; 05-21-2011 at 08:50 AM.

  15. #15
    Join Date
    Jul 2009
    Location
    The backplane
    Posts
    1,788
    How are you getting a 25Gbps attack on a single interface? Or, is that an aggregate number? Something does not seem right here.

  16. #16
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Quote Originally Posted by sam250 View Post
    No, of course not, as I said in my previous post, if the provider that is being resold has no control over the area of the service that is problematic then they're not at fault.

    However, its inevitable that even if the resold provider isn't at fault, they're still going to look bad as the reseller is giving them a bad name.
    In the interest of not derailing this thread, would you be kind enough to contact me privately ( jeffrey.lyon at blacklotus.net ) and sharing your experience? If there is infact a Black Lotus related issue, i'm keen to solve it. Otherwise, I can sit down with ServerOrigin management and assist them in doing the same.

  17. #17
    Join Date
    Sep 2008
    Posts
    104
    I can add regarding gigenet
    I contact gigenet after my site was hit by ddos, let me tell you i have never had such a bad customer service with other providers as gigenet.
    On there website 1st page said 9.99 for unlimited bandwidth space etc.. when i was with gigenet sales they start asking how much space i need bandwidth etc ... i wonder why they even asked question.
    Instead sk how can we help you move your site to help with your situation they just start ignoring emails.

  18. #18
    I'd say the value's are incorrect. 25GB/S ddos attacks are very rare.

    If your getting a 25GB/S attack would suggest looking for a DDOS protected provider. you are looking at a lot of money to cover such attacks. I'd suggest a DDOS protected cloud but your budget would still need to be quite high to cover it.

  19. #19
    Join Date
    May 2006
    Posts
    1,426
    25 gbs is a monster and if someone is getting that there must be some financial motive behind the attack. It can be protected if you have the money. Any proxying service or ddos mitigation service would charge up to 20k or more per month with a setup fee or contract. Id recommend finding a way to get the true strength of your attack then go from there.

    You can setup servers in multiple locations with multiple ips and use some sort of dns load balancing/round robin a LOT cheaper then paying for proxying/mitigation. It can work. Then again if you have a site that is getting that much attack chances are you can afford the protection.

  20. #20
    Join Date
    Mar 2006
    Location
    Reston, VA
    Posts
    3,131
    Tata has a pretty good filtering service, but this is more on the service provider level than.. a single server level. 25Gbps attacks are pretty big.. and normally get the attention of upstreams/carriers at that level.. that type of thing wouldn't go unnoticed... it would be affecting a lot more customers than just you at that level.
    Yellow Fiber Networks
    http://www.yellowfiber.net : Managed Solutions - Colocation - Network Services IPv4/IPv6
    Ashburn/Denver/NYC/Dallas/Chicago Markets Served zak@yellowfiber.net

  21. #21
    Join Date
    May 2009
    Location
    Italy - Rome
    Posts
    152

    Load Balancing

    Hi,

    25Gbps are not a problem. You must provide some other information:

    - How manny packets per soconds (pps) there are when under attack?
    - How many are the new connections per second?
    - You can get a list IP of top attackers?
    - The attack are only synflood or http get?

    Then we can think to build a solution..
    You can stop this attack by increse your network.

    First question:
    - Where buy more connection? (your site are international users or just europe?)

    OVH sell new server of 2011 that have 10Gbps at cheap cost. It limit only the TX traffic, on RX is unmetred so the attack will not use the traffic limited by the provide.
    OVH provide for free one IP Load Balancing with max 8 server: buy 3 server at 10Gbps fiber and you will have only one IP that distribuete the traffic on this 3 servers.

    So i suggest you to do what i've write or if you don't want to buy from OVH you can build a CDN so buy some servers in some part of the world and make a GeoIP module in the dns server, so the attacks will be ditribueted to some server close the attackers.

    But i repeat, this attack can handle with OVH with 1 ip load balancing and 2 or 3 server 10gbps. Each server will be a firewall with FreeBSD and Nginx.

  22. #22
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,822
    Quote Originally Posted by raffo View Post
    But i repeat, this attack can handle with OVH with 1 ip load balancing and 2 or 3 server 10gbps. Each server will be a firewall with FreeBSD and Nginx.
    That loadbalancer would fall over pretty much instantly if hit with a DDOS of such magnitute and if it by some miracle might be able to forward all packets then all the servers behind it would fall over. Providers like OVH have little mitigation capacity and will simply nullroute the targetted IP.
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
    Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.

  23. #23
    Join Date
    May 2006
    Posts
    1,426
    Quote Originally Posted by swiftnoc View Post
    That loadbalancer would fall over pretty much instantly if hit with a DDOS of such magnitute and if it by some miracle might be able to forward all packets then all the servers behind it would fall over. Providers like OVH have little mitigation capacity and will simply nullroute the targetted IP.
    Agree, You would have to definitely make some special agreement with a datacenter, and they would have to make agreements with upstream and so on for this to be done in one location.

    I think even the mitigation companies would have to use multiple locations/networks.

  24. #24
    Join Date
    May 2009
    Location
    Italy - Rome
    Posts
    152
    Is not only one router that forward the traffic to the servers..
    25Gbps are not soo much if have fiber.

    We don't need to consider the bits/s but the packets/s. I configured a server with FreeBSD that can handle an attack of 1Gbps and server are 100mbps..

    When there are a big attack the only way is to distribuite the traffic in some servers.. A IP Load Balancing help a lot because if the domain resolve in more IP the attackers can attack specific IP and bypass the round robin.

    Buy a Cisco Firewalls will e too expensive.

  25. #25
    Join Date
    Jun 2004
    Location
    Europe
    Posts
    3,822
    Quote Originally Posted by raffo View Post
    Is not only one router that forward the traffic to the servers..
    25Gbps are not soo much if have fiber.
    25 gbps is a large DDOS attack. Your load balancer will choke, your servers will choke but furthermore: you are definately offline as you push 25 gigabit of DDOS traffic trough that 10 gigabit port, so legitimate requests will have trouble reaching your server in the first place.
    If a 100 mbit port gets hit with a gigabit of DDOS traffic, then the port is so flooded that the server will appear offline for most users.
    Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
    Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.

Page 1 of 2 12 LastLast

Similar Threads

  1. new destributed ddos problem - suggest solutions
    By FarzinSB in forum Hosting Security and Technology
    Replies: 6
    Last Post: 04-03-2011, 12:46 AM
  2. DDoS Hosting Solutions - Affordable DDoS Protected Hosting
    By BobS_ in forum Shared Hosting Offers
    Replies: 0
    Last Post: 09-26-2009, 12:03 PM
  3. Anti-DDoS Hardware Solutions
    By ixforres in forum Colocation, Data Centers, IP Space and Networks
    Replies: 29
    Last Post: 08-22-2005, 02:57 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •