Thread: DDoS Protection Question
-
03-03-2012, 07:43 PM #1Newbie
- Join Date
- Nov 2010
- Posts
- 12
DDoS Protection Question
In the near future, I will be buying a dedicated server for a part of my website which NEEDS to have SOME form of DDoS protection. Reason being is because I expect to be DDoSed.
I've been browsing through some DDoS protected hosting packages, with several choices of "packets per second" protection. What I'm unsure about is how strong of a protection I should get as this is an expensive monthly purchase.
Is there any way to estimate or get a number to know how strong of a DDoS protection I should get?
Thanks,
Feriscool.
-
03-03-2012, 07:50 PM #2Junior Guru Wannabe
- Join Date
- Sep 2010
- Posts
- 39
Hello there, maybe try out https://www.cloudflare.com/
They have a free option as well. I believe infosec used them successfully.
The other ones I know about are costly and I've seen some that aren't very effective.
-
03-03-2012, 10:18 PM #3Web Hosting Master
- Join Date
- Jan 2008
- Location
- Europe
- Posts
- 779
You can always start off with a lower ddos protection package with a provider and upgrade later if need be.
-
03-03-2012, 10:37 PM #4Junior Guru Wannabe
- Join Date
- Feb 2012
- Posts
- 36
@jasonh - I am curious, with that service it must add a couple extra hops before the destination. Do you have any experience with before and after load times?
-
03-03-2012, 11:11 PM #5Web Hosting Master
- Join Date
- Mar 2009
- Posts
- 3,816
kind of curious, what are you hosting because in your post history it's asking about bulletproof/warez/etc hosts..
-
03-03-2012, 11:58 PM #6Temporarily Suspended
- Join Date
- Feb 2012
- Location
- Chilliwack, BC
- Posts
- 155
Check with Staminus, their main selling point is their DDOS protection. Years ago I was a customer of theirs, and I never had one problem with them.
-
03-04-2012, 12:38 AM #7Temporarily Suspended
- Join Date
- Nov 2004
- Location
- St. Louis, MO
- Posts
- 23
Anyone with a firewall on their server can have DDOS protection.
Only thing people do is filter out the IP's who are doing the by attacker.
You have all the people in the world tell you different, but in the end that is how it is done.
Either it's done by server level, or higher level, but in the end it's a router someplace blocking IPs.
This service costs so much because it's not an automated process in most cases.
Unless you have an ASA... but they are pricey... So most people do IP blocking.
-
03-04-2012, 01:03 AM #8Always Ask...Don't Pretend!
- Join Date
- Aug 2010
- Location
- CPU
- Posts
- 2,187
-
03-04-2012, 01:08 AM #9You broke the internet!!
- Join Date
- Oct 2005
- Location
- Internet
- Posts
- 1,161
For 90% of attacks yes, but I myself have run into situations where me, my datacenter, and my personal server admin could not stop an attack because it was simply too big to handle. This is where you actually need the professionals to come in where they specialize in these sorts of big attacks.
-
03-04-2012, 02:03 AM #10Web Hosting Master
- Join Date
- Nov 2011
- Posts
- 582
A good DDOS protection device can be rather expensive, like $40000, to $50000k, and some hosts choose not to go that route. There are many hosts that do offer it, yet you may find out it wasn't what you thought it would be; however, I'm not implying that all hosts that offer DDOS protection can't offer sufficient protection. I would ask the host to elaborate more on how they give you the protection. I would try to find someone using a device like the RioRey device. That offers excellent DDOS protection. Just search for RioRey and you will find out more about it.
Lee Linton | Sr. Account Manager | HIVELOCITY
-
03-04-2012, 02:13 AM #11Always Ask...Don't Pretend!
- Join Date
- Aug 2010
- Location
- CPU
- Posts
- 2,187
Could be but honestly, I always think...how come when it comes to spamming we have Spamhaus, Spamcop and other websites that can blacklist the IPs and domain. Wherein these so-called DDoS providers are not even doing this after they detected the IPs causing the trouble.
Take for example with Project HoneyPot, they have a list of IPs causing issues.
So at the end, it's just all about the money and taking advantage of the situation.
-
03-04-2012, 02:39 AM #12Newbie
- Join Date
- Feb 2011
- Posts
- 25
While firewalls can work in some cases with smaller attacks, sometimes it's not that simple. One of the main issues, especially with layer 7 HTTP attacks is having the processing power and artificial intelligence to automatically identify and mitigate attacking source addresses without impacting legitimate traffic. A lot of mainstream firewall appliances and server level software firewalls will fall over quite easily from DDoS attacks. Firewalls generally aren't designed to do DDoS mitigation. That's where specialized DDoS protection solutions come in.
Last edited by DDoSDefend; 03-04-2012 at 02:44 AM.
-
03-04-2012, 04:54 AM #13CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
It is super complicated, and there is not an easy automatic filtering method. I beg to differ that anyone is taking advantage of this situation, it's just the nature of the beast. Attackers create attacks with the intent to bypass DDoS mitigation measures. It is a very difficult task to keep up with this. It is very similar to virus protection on your PC; if you do not update your definitions each day, you'll become infected. With DDoS, there is no one updating anyone's definitions. Each host has to learn the new attacks as they become known and build defensive measures from there.
Perhaps you could make a counter argument as to why DDoS protection is or should be easier than this?
-
03-04-2012, 06:20 AM #14Always Ask...Don't Pretend!
- Join Date
- Aug 2010
- Location
- CPU
- Posts
- 2,187
-
03-04-2012, 08:21 AM #15CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
That is also a very complicated question. It boils down to the exact infrastructure the provider is using and the likelihood that the site will come under serious attack. Providers take many factors into consideration when setting pricing. Cheaper providers are often overselling protection capacity, while high end ones are less likely to do so.
-
03-04-2012, 08:43 AM #16Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
-
03-04-2012, 08:43 AM #17Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
-
03-04-2012, 10:44 AM #18Web Hosting Master
- Join Date
- Aug 2003
- Location
- /dev/null
- Posts
- 2,132
-
03-04-2012, 11:23 AM #19Web Hosting Master
- Join Date
- Apr 2007
- Posts
- 3,531
-
03-04-2012, 11:28 AM #20CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
-
03-04-2012, 11:34 AM #21Web Hosting Master
- Join Date
- Apr 2007
- Posts
- 3,531
True you will get better pricing, however my point is there's going to be a limit as to what that provider can actually cleanse for you, whether that be a PPS or Gbps limitation.
I have worked at a few places offering DDOS protection and it's been interesting how many times a client has purchased for example a 5Gbps plan and assumed they can upgrade to 10Gbps if it's a really large attack. Then they get hit by 8Gbps and are shocked when the only option from the ISP is a null route.
Always discuss with your providers the real limitations, and have a plan should the attack overwhelm their protection methods.
-
03-04-2012, 11:39 AM #22Disabled
- Join Date
- Jun 2005
- Posts
- 3,455
You are wrong actually. What you said works for DOS protection not DDOS.
There is a difference.
DOS attacks depending on size can be protected from the server level, with IP filtering or any kind, unless it's huge and the server cannot handle it, which could make your own filtering suffer.
DDOS, like the D in front says, means distributed. This means it's from multiple IPs, all which are different, each time only opens a very small number of connections but you get a huge flood of different IPs.
Firewall or just IP blocking will not work, because as you block them new ones keep coming in and if the connections are small enough per IP your firewall will not only block that either. DDOS are like receiving real traffic, so that is the problem, cutting the DDOS attacks and not the real traffic, as you can not tell the difference. This is also why some people say they are being attacked when actually they are just getting a huge boost of new traffic or the other way around, they think their server is getting a huge boost of traffic when it's actually an attack.
If you receive connections from 10,000 IPs, all which are different, there are no firewalls that will work here, not unless you kill good traffic as well.
DDOS systems try to analyze packets, not just the IP, traffic behaviour and a lot of patterns to try to detect which traffic is real and which is a DDOS attack.
If it was that simple, then anyone could do it, and usually the best protections like Arbor Peak try to cut the attacks from the source destination by reporting this to the other devices and networks. I think this is actually the best solution, to stop them from origin and not let them travel through the network.
A DDOS attack is also usually done from someone controlling a botnet as you need different sources to carry it out.
DDOS protection can be quite expensive, very expensive actually.
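The distinction drawn in the post above (per-IP blocking handles a single-source flood but not a distributed one), shown as an added example that is not part of the original thread. The addresses, request counts, per-IP limit and baseline are all constructed values chosen for illustration.

```python
from collections import Counter

WINDOW = 10  # seconds of traffic represented by each constructed sample

def make_sample(net, sources, requests_each):
    """Constructed traffic: one source address per request, private 10.x range."""
    return [f"10.{net}.{i // 250}.{i % 250 + 1}"
            for i in range(sources) for _ in range(requests_each)]

def per_ip_blocklist(events, limit):
    """Firewall-style rule: block any source above `limit` requests per window."""
    counts = Counter(events)
    return {ip for ip, n in counts.items() if n > limit}

def residual_rps(events, blocked):
    """Request rate still reaching the server once `blocked` sources are dropped."""
    return sum(1 for ip in events if ip not in blocked) / WINDOW

def aggregate_alarm(events, baseline_rps, baseline_sources, factor=5):
    """Flag a window whose total rate or source count is far above baseline.
    This says 'abnormal', not 'malicious': a flash crowd trips it as well."""
    rps = len(events) / WINDOW
    return rps > factor * baseline_rps or len(set(events)) > factor * baseline_sources

normal = make_sample(1, 50, 4)            # 50 clients, 4 requests each: 20 rps
dos = normal + make_sample(2, 1, 20000)   # one source sending 20,000 requests
ddos = normal + make_sample(3, 10000, 2)  # 10,000 sources, 2 requests each

LIMIT = 20  # per-IP threshold, well above any normal client in this sample

def summarize(events):
    """Return (sources blocked, rps left after blocking, aggregate alarm)."""
    blocked = per_ip_blocklist(events, LIMIT)
    return len(blocked), residual_rps(events, blocked), aggregate_alarm(events, 20, 50)

if __name__ == "__main__":
    for name, sample in (("normal", normal), ("dos", dos), ("ddos", ddos)):
        print(name, summarize(sample))
```

In the distributed sample every attacking source sends fewer requests than a normal client, so lowering the per-IP limit far enough to catch them would block the legitimate clients first.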
-
03-04-2012, 11:47 AM #23Web Hosting Master
- Join Date
- Apr 2006
- Location
- Phoenix
- Posts
- 808
This thread is full of a lot of information, sadly not all of it is correct.
The truth is enterprise DDOS protection works - very well in fact. However it does cost a significant cost, 300-400k per 20gigs.
The way most enterprise DDOS protection works is it hangs off the side of the network connecting to your EDGE and CORE routers and monitors traffic patterns. When it detects a DDOS it injects routes into the routers and passes it through its scrubbing box.
The scrubbing box cleans the traffic (again very well) and passes it back down through the core.
All that being said, because the box takes around 2-3 minutes to identify a DDOS, it is important that the network be able to handle the attack during that time.
Because there is a maximum amount of TOTAL ddoses that can be mitigated, and there are real cost implications of being under DDOSes, most dedicated providers who have built a network with enterprise DDOS protection (ourselves included), do not allow large, prolonged or frequent attacks.
What we explain to customers is that if you're planning on getting DDOSed you need to go to a company like cloudflare or work with a provider that specializes in it.
Almost every hosting company I know of that deploys the product we use (true enterprise DDOS protection) actively contacts the worst abusers and helps them to find a long term solution because of how selective DDOSes actually are.
In fact, when we deployed our solution, we learned that 95% of our DDOS attacks were caused by just half a percent of our customers.
My point to all of this - Enterprise DDOS protection works - very well, however even if you select a host who protects his/her network from DDOS, they do it to stop the once in a while attack, NOT allow customers to constantly get DDOSed.
Jordan Jacobs | VP, Products|SingleHop| JJ @SingleHop.com
-
03-04-2012, 11:53 AM #24Web Hosting Master
- Join Date
- Apr 2007
- Posts
- 3,531
-
03-04-2012, 10:24 PM #25Always Ask...Don't Pretend!
- Join Date
- Aug 2010
- Location
- CPU
- Posts
- 2,187
Jordan, thank you for this very good information. I hope you don't mind if I ask further. Does PhoenixNAP have some long term solution or plan to effectively combat this threat? I understand that tracing the actual source of the attack is difficult but what are your actions once you detect the IP of the exploited system? What if your customer is regularly targeted, do you simply ask them to find another provider? Do datacenters have some sort of organization that will find a long term solution? Thanks in advance.
Last edited by Yujin; 03-04-2012 at 10:27 PM.