Page 5 of 6 FirstFirst ... 23456 LastLast
Results 101 to 125 of 140
  1. #101
    Join Date
    Jun 2006
    Location
    NYC / Memphis, TN
    Posts
    1,454
    I agree completely. However, my consideration was if it could be spread out to where he was at least splitting it by 10Gbps segments then the upstreams may be of better assistance with it.

    In my experience, once an attack reaches this size (and I have only seen two for short periods since being with SO- so I don't have extensive experience in this size.) The upstream providers may be more open to assisting with attacks upwards of 10Gbps spread than a 30Gbps brute load.

    I know when I was a chief engineer at a previous worldwide company, we had attacks of this size a couple times a year. In those cases our upstream providers did most of the heavy lifting to correct the situation. The rest, we blackholed/tarpitted/dropped random packets, looked for retries, etc. There are some very interesting things you can do with the right gear. However, it's likely that gear is sitting with the upstream. That's why I recommend leaning on them as much as you can because they hold the real cards in this situation.

  2. #102
    Join Date
    Jun 2006
    Location
    Support Ticket Near You!
    Posts
    1,106
    Quote Originally Posted by Spudstr View Post
    Theres another company thats slipping my mind right now, that does a very good job at DDOS mitigation. Their device sits between you and your bgp neighbor and intercepts traffic before it gets through you. I believe it works in a passive sense.
    That would be RioRey - http://www.riorey.com/

    They are quite expensive though, but you get the support that comes with it, not just the product itself.
    HostGuard.net - VPS Control Panel
    Automating and monitoring your hosting business.

  3. #103
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Quote Originally Posted by Katatonic View Post
    That would be RioRey - http://www.riorey.com/

    They are quite expensive though, but you get the support that comes with it, not just the product itself.
    RioRey is a solid brand but these appliances would not help with a 30 Gbps attack.

  4. #104
    Join Date
    Jun 2009
    Location
    Washington
    Posts
    374
    Quote Originally Posted by Sekweta View Post
    Which probably contributes to more facilities NOT having them, unfortunately. Imagine, if these devices were more realistially priced, how many more network operators would have them, rendering a lot more DDoS attacks ineffective (making such attacks a lot less "fun" for the bad guys).

    Actually, this is what makes it a lot less "fun" for the bad guys...

    Black Ops.
    Classify them as terrorists, issue 'dead or alive' warrants, no matter what country they are located in and let the fine Ambassadors smooth it over 'after the fact'.

    This makes it a lot less "fun" for the bad guys.
    ABSF
    Arrogant Bastard Server Farm
    Built from scratch Data Center serving
    100 year-old Metaphysical Library

  5. #105
    Join Date
    Feb 2006
    Location
    Buffalo, NY
    Posts
    1,501
    Quote Originally Posted by Mavus View Post
    Actually, this is what makes it a lot less "fun" for the bad guys...

    Black Ops.
    Classify them as terrorists, issue 'dead or alive' warrants, no matter what country they are located in and let the fine Ambassadors smooth it over 'after the fact'.

    This makes it a lot less "fun" for the bad guys.
    Packets don't kill people, people kill people.
    Cody R.
    Hawk Host Inc. Proudly Serving websites since 2004.
    Official Let's Encrypt Sponsor

  6. #106
    Join Date
    Jun 2009
    Location
    Washington
    Posts
    374
    Quote Originally Posted by CodyRo View Post
    Packets don't kill people, people kill people.

    We all have our own line of morality.

    They have theirs and this is mine.

    Classify this kind of activity as terrorism and implement an anti-terrorism solution.

    I bet it will work.
    ABSF
    Arrogant Bastard Server Farm
    Built from scratch Data Center serving
    100 year-old Metaphysical Library

  7. #107
    Join Date
    Jul 2010
    Location
    Kansas City, MO, US
    Posts
    292
    Let's just classify everything we dislike as terrorism until there're only a half a dozen humans left on earth, desperately hunting one another down like rabid dogs. Yeah, that's the kind of world I want to live in.
    Ⓐ Red Triangle Technology Collective Ⓐ
    Hosting a revolution!
    http://www.redtriangletc.org/

  8. #108
    Join Date
    Jun 2009
    Location
    Washington
    Posts
    374
    Quote Originally Posted by mdharris View Post
    Let's just classify everything we dislike as terrorism until there're only a half a dozen humans left on earth, desperately hunting one another down like rabid dogs. Yeah, that's the kind of world I want to live in.
    No worries, we have a long way to only a 'half a dozen humans left'...
    ABSF
    Arrogant Bastard Server Farm
    Built from scratch Data Center serving
    100 year-old Metaphysical Library

  9. #109
    Join Date
    Mar 2005
    Location
    Orlando, Florida
    Posts
    2,625
    Quote Originally Posted by mdharris View Post
    Let's just classify everything we dislike as terrorism until there're only a half a dozen humans left on earth, desperately hunting one another down like rabid dogs. Yeah, that's the kind of world I want to live in.

    I don't necessarily agree with the statements of either of you two in this case.

    Honestly, I think classifying anything as terrorism is a bad idea to begin with as it removes the ability to act rationally and grants the law a license to do what ever they want.

    Significantly stricter laws to need to be put in place for attacks such as this, especially as internet lines into users homes grow larger and larger in the more well-connected countries.

    Calling it terrorism just isn't the way to do it.

    Killing your BGP routes to the ISP that's not being of any assistance for 1-2 weeks is probably going to end up being the most efficient method of getting rid of the attacks.

    Hardware capable of fending off 10gbps attacks is extremely expensive -- wait until you need 4-5 of the devices.

    There aren't many options, and most of them generally suck.

    If it's causing huge issues, you're going to need to make a decision and need to disrupt service to an ISP for the greater good.
    Matthew Rosenblatt, and I do lots of things.
    Used to be a full time server administrator, now I help build cruise ships and inspect homes.
    My company, Ferrell Solutions, specializes in home inspections and property management.
    RecallScan is a service for monitoring appliances and vehicles in your home for recalls.

  10. #110
    Join Date
    Jun 2009
    Location
    Washington
    Posts
    374
    Quote Originally Posted by ClubUptime View Post
    Honestly, I think classifying anything as terrorism is a bad idea to begin with as it removes the ability to act rationally and grants the law a license to do what ever they want.
    Maybe an over kill idea, but eventually it will not be.

    And this is not true; there are clear rules of engagement for anti-terrorism teams and they sport more honor and discipline than most ever will.
    ABSF
    Arrogant Bastard Server Farm
    Built from scratch Data Center serving
    100 year-old Metaphysical Library

  11. #111
    Quote Originally Posted by Mavus View Post
    Actually, this is what makes it a lot less "fun" for the bad guys...

    Black Ops.
    Classify them as terrorists, issue 'dead or alive' warrants, no matter what country they are located in and let the fine Ambassadors smooth it over 'after the fact'.

    This makes it a lot less "fun" for the bad guys.
    Woah, your solution to the OP's problem is so realistic!!!

    Oh wait, that's exactly what it isn't.

  12. #112
    Join Date
    Jun 2009
    Location
    Washington
    Posts
    374
    Quote Originally Posted by Srin View Post
    Woah, your solution to the OP's problem is so realistic!!!

    Oh wait, that's exactly what it isn't.
    Maybe, but then it is rising to the top 'none the less' against all the other nifty, difty solutions so far attempted!

    ABSF
    Arrogant Bastard Server Farm
    Built from scratch Data Center serving
    100 year-old Metaphysical Library

  13. #113
    Join Date
    Jun 2003
    Location
    London, UK
    Posts
    1,765
    Send in Jack Bauer, he will stop the DDoS.
    Darren Lingham - Stablepoint Hosting
    Stablepoint - Cloud Web Hosting without compromise
    We provide industry-leading cPanel™ web hosting in 80+ global cities.

  14. #114
    Join Date
    Nov 2009
    Location
    Cincinnati
    Posts
    1,585
    Quote Originally Posted by dazmanultra View Post
    Send in Jack Bauer, he will stop the DDoS.
    Chuck Norris can stop a tcp connection with his mind.
    'Ripcord'ing is the only way!

  15. #115
    Didn't the patriot act make hacking a website be considered terrorism?

    Anyway, if this needs to be filtered before hitting your carriers, the solution has to be at the china telecom end of things. If they can't / won't filter it, potentially (with chinatel cooperation) you could filter it for them with the right equipment located on their network, along with them routing your traffic towards this equipment. This way it doesn't hit the carriers at all. But again only works if chinatel is willing to let you do this.

  16. #116
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Tim,

    Specifically what is your strategy here? I've noticed that in recent days you have gone from announcing Telia and nLayer to dropping Telia and announcing Tinet and Tata?

  17. #117
    Join Date
    Jun 2009
    Location
    Washington
    Posts
    374
    My best guess is that someone(s) in S.E. Asis is launching non-stop Denial of Service attacks via legions of zombie computers across China etc., that are now spoiling large swathes of Western U.S. at least. And that for over 3 months!

    This is economic terrorism, pure and simple.

    Mainland China need be cut off entirely now until they solve their own zombie mess with their own resources. Maybe they should consider a large one-payment to dear Bill? I guess condoning pirated copies the West's software is not working out so well for either of us.
    ABSF
    Arrogant Bastard Server Farm
    Built from scratch Data Center serving
    100 year-old Metaphysical Library

  18. #118
    Quote Originally Posted by Mavus View Post
    My best guess is that someone(s) in S.E. Asis is launching non-stop Denial of Service attacks via legions of zombie computers across China etc.,
    Wasn't this established a long time ago?

    Quote Originally Posted by Mavus
    This is economic terrorism, pure and simple.

    Mainland China need be cut off entirely now until they solve their own zombie mess with their own resources. Maybe they should consider a large one-payment to dear Bill?
    You're just a treasure trove of practical ideas aren't you?

  19. #119
    Join Date
    Jun 2009
    Location
    Washington
    Posts
    374
    Quote Originally Posted by Srin View Post
    Wasn't this established a long time ago?



    You're just a treasure trove of practical ideas aren't you?
    Yep, and some days are better than others...

    ABSF
    Arrogant Bastard Server Farm
    Built from scratch Data Center serving
    100 year-old Metaphysical Library

  20. #120
    wow... didn't know this thread is still alive and kicking! Sorry I haven't posted in a while been a bit busy.

    When it comes to hardware and AnyCast as someone responded back It won't be much of help China Telecom as mentioned by someone (who actually know interestingly too much about CT) they have very unique network structure and it would be impossible to handle. When it comes to putting the right hardware on the carrier end we have the right hardware on our end and 0% of the attack traffic reach our servers network attack is filtered within milliseconds. Even if using AnyCast and trying to load balance the traffic via the multiple providers we have we will still end up with some of the links saturated impacting not only us but some of the other carrier customers.

    We were able to have a temporary fix for this problem for now, we are working with the feds to get them hunted down and most likely sue them for damage once caught. We are also implementing another solution but that will take a couple of months to complete.

    Regarding DDOS and is it legal to consider it as terrorism? You bet! Back in the "no internet" days mafias used to blackmail and still until now do to shop owners and threaten to close their store if they don't pay a toll. Now same thing happens with DDOS with internet. Only difference is it's more sophisticated but the method is the same.

    Regarding China and blocking it from the world... That is one drastic measure to use, but we keep on forgetting something essential here... China is a HUGE internet market, internet is coming in to every home very rapidly. It's a learning curve for everyone in China and WorldWide. I just think the right hand need to be twisted here and there to get their attention to some problems and get them resolved, and hope for the best.

    Regarding our carriers we don't have Telia "yet" we had some problems with Tinet we dropped them out for a week or so they have been re-added.

  21. #121
    Quote Originally Posted by Jigy View Post
    wow... didn't know this thread is still alive and kicking! Sorry I haven't posted in a while been a bit busy.

    When it comes to hardware and AnyCast as someone responded back It won't be much of help China Telecom as mentioned by someone (who actually know interestingly too much about CT) they have very unique network structure and it would be impossible to handle. When it comes to putting the right hardware on the carrier end we have the right hardware on our end and 0% of the attack traffic reach our servers network attack is filtered within milliseconds.
    Right, it's filtered on your end and not causing too many issues to you. But if that's all you cared about you wouldn't have made the thread. If you used the same filtering hardware / techniques higher up the chain, that stops the problem farther up the chain, which presumably is your goal. Is this an option?
    IOFLOOD.com -- We Love Servers
    Phoenix, AZ Dedicated Servers in under an hour
    ★ Ryzen 9: 7950x3D ★ Dual E5-2680v4 Xeon ★
    Contact Us: sales@ioflood.com

  22. #122
    Quote Originally Posted by Jigy View Post
    I'm calling this the Great DDOS of China.
    How about "the great /bin/wall of China"?

    You could try getting a peering connection with China Telecom; maybe at their NA peering locations, where they are sub-10Gbps. If it saturates their peering point, they might decide it's their problem too.

  23. #123
    Quote Originally Posted by Zitibake View Post
    How about "the great /bin/wall of China"?

    You could try getting a peering connection with China Telecom; maybe at their NA peering locations, where they are sub-10Gbps. If it saturates their peering point, they might decide it's their problem too.
    wrong.

    Many people have had issues with saturated peering with chinatel, be it because of DDoS or simply insufficient bandwidth, and they don't care. If the carriers could simply add more peering bandwidth and then drop the packets they didn't want, they would do so, but they can't.
    IOFLOOD.com -- We Love Servers
    Phoenix, AZ Dedicated Servers in under an hour
    ★ Ryzen 9: 7950x3D ★ Dual E5-2680v4 Xeon ★
    Contact Us: sales@ioflood.com

  24. #124
    Join Date
    Jun 2009
    Location
    Washington
    Posts
    374
    Oh ya!

    And you call this 'growing pains' of a vast new market!

    Let me know when this Titan moves up out of diapers!!

    ABSF
    Arrogant Bastard Server Farm
    Built from scratch Data Center serving
    100 year-old Metaphysical Library

  25. #125
    Join Date
    May 2008
    Location
    Birmingham
    Posts
    128
    A tempeorary solution that may help.

    You can split your data center into two virtual data centers.

    name it peace DC and war DC.

    War DC has its own upstream link, core routers, etc.. completely separated DC.

    Move frequently attacked servers to war DC and let some of your staff handle this attack, keep peace servers away from enemy lines.

    China very happy to shutdown game servers becuase it affects china economy.
    chines gamers are crazy spend more than 20 hours playing into cyber cafes.
    Binary Racks | Premium Hosting at Budget

    Dedicated Servers | Cloud Hosting | Colocation Racks
    E-mail: sales@binaryracks.com | Phone +44 121 7900 390

Page 5 of 6 FirstFirst ... 23456 LastLast

Similar Threads

  1. crossover != 1 GBPS?
    By HNLV in forum Colocation, Data Centers, IP Space and Networks
    Replies: 15
    Last Post: 03-30-2009, 01:53 AM
  2. Anyone want to share 1 gbps in Milwaukee?
    By keefe007 in forum Other Hosting Offers
    Replies: 2
    Last Post: 09-19-2008, 01:49 PM
  3. EU 1 Gbps host needed
    By ddosguru in forum Dedicated Server
    Replies: 15
    Last Post: 07-13-2008, 02:18 PM
  4. Replies: 14
    Last Post: 11-22-2003, 05:40 AM
  5. Replies: 8
    Last Post: 11-13-2003, 10:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •