Results 1 to 25 of 29
Thread: 25Gbps DDoS - Solutions
-
05-21-2011, 12:09 AM #1Disabled
- Join Date
- Sep 2010
- Posts
- 627
25Gbps DDoS - Solutions
Is there anything that can be done about this?
http://www.zimg.eu/i/1080375700
-
05-21-2011, 12:19 AM #2Managed Service Provider
- Join Date
- Feb 2004
- Location
- Atlanta, GA
- Posts
- 5,662
sure, stop what ever the activity is that attracts that kind of attack
-
05-21-2011, 12:22 AM #3Disabled
- Join Date
- Sep 2010
- Posts
- 627
-
05-21-2011, 12:35 AM #4Junior Guru
- Join Date
- Jan 2010
- Location
- Indiana, USA
- Posts
- 214
Thats one hell of an attack. I dont know if there is really anything that could stop that.
-
05-21-2011, 02:52 AM #5Always there
- Join Date
- Jun 2004
- Location
- Europe
- Posts
- 3,822
█ Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
█ Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.
-
05-21-2011, 04:06 AM #6Web Hosting Master
- Join Date
- Feb 2010
- Location
- Exotic
- Posts
- 1,068
-
05-21-2011, 04:13 AM #7WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
And I figure I have been hit hard in past 3 days heheh 25GB attack not a joke.
Wonder what king bussiness do you run .
-
05-21-2011, 05:38 AM #8Web Hosting Master
- Join Date
- Jan 2008
- Location
- Europe
- Posts
- 779
Yeah if your site is still up I highly doubt that's accurate.
For DDoS protection I highly recommend Gigenet. I've also heard good things about Staminus. And awknet if you're on a budget.
But stay away from ServerOrigin (they resell BlackLotus so might be an idea to stay away from them too, however I can't be sure if the problems we had with SO were directly related with BL or not).
-
05-21-2011, 06:40 AM #9CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
-
05-21-2011, 06:56 AM #10Web Hosting Evangelist
- Join Date
- Aug 2008
- Posts
- 536
-
05-21-2011, 07:35 AM #11Web Hosting Master
- Join Date
- Jan 2008
- Location
- Europe
- Posts
- 779
If a company is reselling a provider and the service is bad then both parties are responsible, unless its something that the provider has no control over of course (like support).
However seeing you have clarified they don't resell I withdraw my previous statement, I apologise if it looked like I was trying to warn people away from you directly, that was not my intention (notice the 'might be an idea' and 'cant be sure' part) my intention was simply to warn people to stay away from ServerOrigin, and any service directly related to them.
-
05-21-2011, 08:14 AM #12CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
-
05-21-2011, 08:18 AM #13Junior Guru
- Join Date
- Aug 2008
- Posts
- 176
I have to wonder if this...
1. A joke
2. an incorrect bandwidth reading...
And as fair as I know if someone really had that big of an attack they are going to pay out the nose to mitigate it. Staminus offers a 10 gig/ 1 million packet per second proxy at $12,050 a month and $12,050 for setup. So I would expect to pay double to quadruple for something in the 20 gigs plus range.
I seriously wonder if this is just a mistake somewhere along the lines. I don't know any website could be up under such an attack.Last edited by ShaunH; 05-21-2011 at 08:23 AM.
-
05-21-2011, 08:41 AM #14Web Hosting Master
- Join Date
- Jan 2008
- Location
- Europe
- Posts
- 779
No, of course not, as I said in my previous post, if the provider that is being resold has no control over the area of the service that is problematic then they're not at fault.
However, its inevitable that even if the resold provider isn't at fault, they're still going to look bad as the reseller is giving them a bad name.Last edited by sam0; 05-21-2011 at 08:50 AM.
-
05-21-2011, 09:23 AM #15Web Hosting Master
- Join Date
- Jul 2009
- Location
- The backplane
- Posts
- 1,788
How are you getting a 25Gbps attack on a single interface? Or, is that an aggregate number? Something does not seem right here.
-
05-21-2011, 10:20 AM #16CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
In the interest of not derailing this thread, would you be kind enough to contact me privately ( jeffrey.lyon at blacklotus.net ) and sharing your experience? If there is infact a Black Lotus related issue, i'm keen to solve it. Otherwise, I can sit down with ServerOrigin management and assist them in doing the same.
-
05-22-2011, 12:34 AM #17WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
I can add regarding gigenet
I contact gigenet after my site was hit by ddos, let me tell you i have never had such a bad customer service with other providers as gigenet.
On there website 1st page said 9.99 for unlimited bandwidth space etc.. when i was with gigenet sales they start asking how much space i need bandwidth etc ... i wonder why they even asked question.
Instead sk how can we help you move your site to help with your situation they just start ignoring emails.
-
05-22-2011, 12:41 AM #18Disabled
- Join Date
- May 2011
- Posts
- 160
I'd say the value's are incorrect. 25GB/S ddos attacks are very rare.
If your getting a 25GB/S attack would suggest looking for a DDOS protected provider. you are looking at a lot of money to cover such attacks. I'd suggest a DDOS protected cloud but your budget would still need to be quite high to cover it.
-
05-22-2011, 12:51 AM #19Disabled
- Join Date
- May 2006
- Posts
- 1,426
25 gbs is a monster and if someone is getting that there must be some financial motive behind the attack. It can be protected if you have the money. Any proxying service or ddos mitigation service would charge up to 20k or more per month with a setup fee or contract. Id recommend finding a way to get the true strength of your attack then go from there.
You can setup servers in multiple locations with multiple ips and use some sort of dns load balancing/round robin a LOT cheaper then paying for proxying/mitigation. It can work. Then again if you have a site that is getting that much attack chances are you can afford the protection.
-
05-22-2011, 11:00 AM #20Master of the Truth
- Join Date
- Mar 2006
- Location
- Reston, VA
- Posts
- 3,131
Tata has a pretty good filtering service, but this is more on the service provider level than.. a single server level. 25Gbps attacks are pretty big.. and normally get the attention of upstreams/carriers at that level.. that type of thing wouldn't go unnoticed... it would be affecting a lot more customers than just you at that level.
Yellow Fiber Networks
http://www.yellowfiber.net : Managed Solutions - Colocation - Network Services IPv4/IPv6
Ashburn/Denver/NYC/Dallas/Chicago Markets Served zak@yellowfiber.net
-
05-22-2011, 07:18 PM #21WHT Addict
- Join Date
- May 2009
- Location
- Italy - Rome
- Posts
- 152
Load Balancing
Hi,
25Gbps are not a problem. You must provide some other information:
- How manny packets per soconds (pps) there are when under attack?
- How many are the new connections per second?
- You can get a list IP of top attackers?
- The attack are only synflood or http get?
Then we can think to build a solution..
You can stop this attack by increse your network.
First question:
- Where buy more connection? (your site are international users or just europe?)
OVH sell new server of 2011 that have 10Gbps at cheap cost. It limit only the TX traffic, on RX is unmetred so the attack will not use the traffic limited by the provide.
OVH provide for free one IP Load Balancing with max 8 server: buy 3 server at 10Gbps fiber and you will have only one IP that distribuete the traffic on this 3 servers.
So i suggest you to do what i've write or if you don't want to buy from OVH you can build a CDN so buy some servers in some part of the world and make a GeoIP module in the dns server, so the attacks will be ditribueted to some server close the attackers.
But i repeat, this attack can handle with OVH with 1 ip load balancing and 2 or 3 server 10gbps. Each server will be a firewall with FreeBSD and Nginx.
-
05-23-2011, 01:51 AM #22Always there
- Join Date
- Jun 2004
- Location
- Europe
- Posts
- 3,822
That loadbalancer would fall over pretty much instantly if hit with a DDOS of such magnitute and if it by some miracle might be able to forward all packets then all the servers behind it would fall over. Providers like OVH have little mitigation capacity and will simply nullroute the targetted IP.
█ Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
█ Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.
-
05-23-2011, 02:01 AM #23Disabled
- Join Date
- May 2006
- Posts
- 1,426
-
05-23-2011, 06:50 AM #24WHT Addict
- Join Date
- May 2009
- Location
- Italy - Rome
- Posts
- 152
Is not only one router that forward the traffic to the servers..
25Gbps are not soo much if have fiber.
We don't need to consider the bits/s but the packets/s. I configured a server with FreeBSD that can handle an attack of 1Gbps and server are 100mbps..
When there are a big attack the only way is to distribuite the traffic in some servers.. A IP Load Balancing help a lot because if the domain resolve in more IP the attackers can attack specific IP and bypass the round robin.
Buy a Cisco Firewalls will e too expensive.
-
05-23-2011, 07:21 AM #25Always there
- Join Date
- Jun 2004
- Location
- Europe
- Posts
- 3,822
25 gbps is a large DDOS attack. Your load balancer will choke, your servers will choke but furthermore: you are definately offline as you push 25 gigabit of DDOS traffic trough that 10 gigabit port, so legitimate requests will have trouble reaching your server in the first place.
If a 100 mbit port gets hit with a gigabit of DDOS traffic, then the port is so flooded that the server will appear offline for most users.█ Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017 Support response time <15 minutes 24/7
█ Introducing our new Entry level server line ! Support response time <15 minutes 24/7. Technology Fast 50 & Fast 500 award winning for multiple years, Your Business deserves Swiftway Quality.
Similar Threads
-
new destributed ddos problem - suggest solutions
By FarzinSB in forum Hosting Security and TechnologyReplies: 6Last Post: 04-03-2011, 12:46 AM -
DDoS Hosting Solutions - Affordable DDoS Protected Hosting
By BobS_ in forum Shared Hosting OffersReplies: 0Last Post: 09-26-2009, 12:03 PM -
Anti-DDoS Hardware Solutions
By ixforres in forum Colocation, Data Centers, IP Space and NetworksReplies: 29Last Post: 08-22-2005, 02:57 PM