Results 1 to 16 of 16

Thread: DDoS protection

  1. #1

    DDoS protection

    Hi,

    We are having some problems with DDoS attacks. We were looking for solutions and we found Intruguard and RioRey. Does anyone have any experience with Intruguard or RioRey?

    Is there any other company that offers DDoS protection?


    BR,

    BBKing

  2. #2
    Hire a good system admin to find the cause of DDOS attack and resolve it.

    You can also use cisco firewalls to stop ddos.

  3. #3
    Join Date
    May 2010
    Posts
    57
    I think still no one could find out solution on ddos. But We prevent ddos using setting firewall rules on server.

  4. #4
    Only a hardware firewall offers real protection against any DDOS attacks. I recommend using Cisco Guard. Search on google for Intruguard or RioRey. I bet you will find some reviews there.
    Host Mist - Helping People Say Hello World
    Shared | VPS | Dedicated

  5. #5
    We know where attacks are comming from and we know what kind of attack is. We have Cisco Firewall and it fails (100% CPU Usage).
    We are searching google for reviews but there is not much about that.

    Cisco has discontinued his Cisco Guard product.

  6. #6
    Quote Originally Posted by chetantech View Post
    I think still no one could find out solution on ddos. But We prevent ddos using setting firewall rules on server.
    The setting up firewall wont prevent ddos, it will just reduce it for a while. However, you can try mod_evasive and ddos_deflate, that will help to reduce its intensity. But, it wont stop ddos for sure.

  7. #7
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Quote Originally Posted by BBKing212 View Post
    Hi,

    We are having some problems with DDoS attacks. We were looking for solutions and we found Intruguard and RioRey. Does anyone have any experience with Intruguard or RioRey?

    Is there any other company that offers DDoS protection?


    BR,

    BBKing
    We maintain two networks, one RioRey and one IntruGuard. The RioRey is easier to use but the IG has a more robust feature set.

    Another poster mentioned using a firewall; works great for UDP but even a 100 - 200 Mbps TCP attack will sink a NS5200 ($80,000 firewall) so it's necessary to use DDoS appliances in front of your firewalls.

  8. #8
    Quote Originally Posted by BBKing212 View Post
    We know where attacks are comming from and we know what kind of attack is. We have Cisco Firewall and it fails (100% CPU Usage).
    We are searching google for reviews but there is not much about that.

    Cisco has discontinued his Cisco Guard product.
    We recently purchased a Riorey RX1810 and wrote a small review (link is on the riorey frontpage; "RioRey's RX1810 Reviewed by Tweakers.net"). Basically it works for us, but it totally depends on how big the ddos is and how many packets per second you get in attacker traffic. We successfully blocked 300-550k PPS SYN attacks and up to 1GBit/s 1500-byte packets with it.

    For our website (~16 servers, ~5-10mbit incoming, 50-500 mbit outgoing) it works, and even tho it hasn't blocked a real attack so far, our testing indicated it would have blocked most of the previous attacks we suffered (save one, which was in excess of 7gbit).

    I haven't tested the IntruGuard, but if it is a ddos appliance it probably works.

  9. #9
    Maybe this can help: http://www.blockdos.net/

  10. #10
    Join Date
    Jun 2006
    Location
    NYC / Memphis, TN
    Posts
    1,454
    Quote Originally Posted by IRCCo Jeff View Post
    We maintain two networks, one RioRey and one IntruGuard. The RioRey is easier to use but the IG has a more robust feature set.

    Another poster mentioned using a firewall; works great for UDP but even a 100 - 200 Mbps TCP attack will sink a NS5200 ($80,000 firewall) so it's necessary to use DDoS appliances in front of your firewalls.
    I want to add to what Jeff has stated here. You can have an appliance but the appliance must must be configured properly by someone who knows what they are doing. You also must understand that they will likely not catch everything and you will probably need another form of protection with that.

    I only mention this because we get lots of customers who have Riorey devices and are still down. Just be sure of what you are getting yourself into and that you know you are spending $10k+ on a solution that will resolve your problem.
    PeakVPN.Com | Complete Privacy VPN | Cloud Hosting | Guaranteed Security | 1Gbps-10Gbps Unmetered
    PeakVPN | 31 VPN Servers | 17-Years Experience | Emergency 24/7 Support
    Visit us @ PeakVPN.Com (Coming SOON) | ASN: 3915

  11. #11
    @IRCCo Jeff:
    Could you give a bit more detailed comparison between RioRey and Intruguard? How is Intruguard mitigating DDoS attacks? Did you have any false positive on RioRey or Intruguard?

  12. #12

    *

    why Intruguard and RioRey? There must be a better solution like a change in the configuration.

    I read someone has used these 2 iptables:
    iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
    iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 2 --hitcount 6 -j DROP

    First line: Port 80 logger
    Second Line: Limit. 2 connections per 6 seconds.
    If your site has a lot of pictures they will be loaded (partially) with a 2 seconds delay... So this is not a adequate solution, just a quick and dirty protection when you don't know what to do in a ddos attack.

    I'm still searching for a better method. isn't there a best practice solution?

  13. #13
    Join Date
    Jun 2006
    Location
    NYC / Memphis, TN
    Posts
    1,454
    Quote Originally Posted by powerstar View Post
    why Intruguard and RioRey? There must be a better solution like a change in the configuration.

    I read someone has used these 2 iptables:
    iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
    iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 2 --hitcount 6 -j DROP

    First line: Port 80 logger
    Second Line: Limit. 2 connections per 6 seconds.
    If your site has a lot of pictures they will be loaded (partially) with a 2 seconds delay... So this is not a adequate solution, just a quick and dirty protection when you don't know what to do in a ddos attack.

    I'm still searching for a better method. isn't there a best practice solution?
    There is a 'best' solution for you. What is best for you, may not be for everyone else.

    It depends on the attack, the size of the attack, and how what your budget may allow.
    PeakVPN.Com | Complete Privacy VPN | Cloud Hosting | Guaranteed Security | 1Gbps-10Gbps Unmetered
    PeakVPN | 31 VPN Servers | 17-Years Experience | Emergency 24/7 Support
    Visit us @ PeakVPN.Com (Coming SOON) | ASN: 3915

  14. #14
    Join Date
    May 2003
    Location
    Canada
    Posts
    671
    I have seen both devices going down. Infact there is no such thing as 100% protection. So depends on the type of attack you get it has to be dealt accordingly. Specially if you are installing any of the mitigation devices make sure that your internet provider is smart and friendly enough to listen to you and do what you ask. Bandwidth is just one factor. But these devices failed most of the time when hit by low rate attack which looks very real. So you will be needing some additional stuff besides this to block application level attacks.

    Imagine attackers put iframe in 10 very busy sites .. which redirect traffic or open your webpage. Technically that traffic is Legit and these devices will pass them to your server. Human interaction is always something you need to keep in mind.

    This is why most of the ddos mitigation companies actually sell ddos protection as a SERVICE. I had one client who had a lot of money but in the end he had to use the "Service" even he had his own equipments. To fight a 20gbps attack


    btw iptables wont work if its windows based box :p
    Server4Sale
    Dirt CHEAP Servers coming soon

  15. #15
    Join Date
    Apr 2009
    Location
    Australia
    Posts
    184
    As said above no DDoS Attack can be fully mitigated but there are ways to reduce the attack.

    Anyway, Have you got any idea on how big the attack is?

  16. #16

Similar Threads

  1. DDoS protection providers vs DDoS protection scripts
    By Mareshal in forum Dedicated Server
    Replies: 12
    Last Post: 10-10-2009, 09:46 PM
  2. DDos protection.
    By definebr in forum Dedicated Server
    Replies: 4
    Last Post: 05-25-2009, 09:49 PM
  3. DDOS Protection
    By hostingguy123 in forum Hosting Security and Technology
    Replies: 7
    Last Post: 07-05-2008, 02:04 AM
  4. Replies: 7
    Last Post: 01-17-2007, 12:49 PM
  5. ddos protection
    By morphey in forum Dedicated Server
    Replies: 0
    Last Post: 06-06-2006, 06:58 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •