
Thread: DDoS mitigation

  1. #26
    Join Date
    Nov 2004
    Location
    England
    Posts
    513
    If anyone wants to read about DDoS mitigation or find a company specialising in DDoS mitigation, prolexic.com is a good company.

    The guy who founded it is an absolute genius.

    He diverted a 3Gbit/sec attack to a datacentre with 10Gbit/sec capacity, owned by a friend, and worked virtually non-stop to set up some fancy filtering/mitigation system.

    Now he's founded that company and is [probably] a multi-millionaire. Not bad, eh?

    But in the end it all comes down to pipe size. If their pipe's bigger than yours, you'll always lose.

  2. #27
    Join Date
    Mar 2005
    Location
    NY USA
    Posts
    839
    Originally posted by IRCCo Jeff


    For larger DDoS such as the kind that kernelpanic is talking about, you'll want to make sure you have good relations with federal authorities.

    Have you ever had FBI agents and such contact you needing assistance with some type of criminal activity that has found its way onto your network?

    Of course, we all have and those are the same folks that you will want to stay in touch with to ask for return favors if you ever find yourself requiring such assistance.
    We've worked with the FBI before, but not on an outbound flood; we see that and we take action to prevent it from getting out of our network.
    EZZI.net - A Service of Access Integrated Technologies Inc
    Running data centers, nationwide data network, and world-wide VoIP network.
    http://www.EZZI.net sales@ezzi.net

  3. #28
    Join Date
    Jun 2004
    Location
    Earth!!
    Posts
    649
    When I began that post I had in mind "attacks by kids", which means around 100-500mbps. You are talking about very, very big attacks that almost even the biggest tier1 providers can't stop.

    But it is a nice conversation; there are people here who know a lot, and we are proud that we can learn some more from them!

    Does Blacklotus have DDoS-protected servers for IRC?

  4. #29
    Join Date
    Jun 2004
    Location
    Earth!!
    Posts
    649
    vidahost,
    does the person you are talking about offer dedicated servers or just hardware solutions for attacks?

    Thanks

  5. #30
    Join Date
    Mar 2005
    Location
    NY USA
    Posts
    839
    Originally posted by D3m0n

    Does Blacklotus have DDoS-protected servers for IRC?
    Their site says DDOS protection is available for $0.95.

    It also says under construction when you click on the DDOS Mitigation link. For someone with as much tolerance and knowledge as Jeff seems to have here, one would think this page would have some information.

    EZZI doesn't even allow people to sustain an attack on our network and we have information about our DDoS solutions on our site.

    Just my observation...
    EZZI.net - A Service of Access Integrated Technologies Inc
    Running data centers, nationwide data network, and world-wide VoIP network.
    http://www.EZZI.net sales@ezzi.net

  6. #31
    Join Date
    Nov 2004
    Location
    England
    Posts
    513
    Originally posted by D3m0n
    vidahost,
    does the person you are talking about offer dedicated servers or just hardware solutions for attacks?

    Thanks
    Just hardware solutions as far as I know.

    They don't do small-scale prevention, their clients are the large corporations paying $50k/year+ for their services, I believe.

  7. #32
    Join Date
    Jun 2004
    Location
    Earth!!
    Posts
    649
    hehe vidahost, do you know any companies that cooperate with them?

    Ezzi uses NetScreen (Juniper) if I am not wrong! And that is good for attacks of 100-500mbit but cannot do much if the attack is big!

    Blacklotus, make your site soon; many are interested in your services.

  8. #33
    Join Date
    Nov 2004
    Location
    England
    Posts
    513
    Originally posted by D3m0n
    hehe vidahost, do you know any companies that cooperate with them?

    Ezzi uses NetScreen (Juniper) if I am not wrong! And that is good for attacks of 100-500mbit but cannot do much if the attack is big!

    Blacklotus, make your site soon; many are interested in your services.
    The service isn't just a hardware application. It's absolutely frikkin' amazing, I was working with him on something else while he was developing it.

    You can read lots about what they do on the site.

    I don't know any companies which use them, however.

  9. #34
    Join Date
    Jun 2004
    Location
    Earth!!
    Posts
    649
    Ok

    In a post I made, people said that hardware like Cisco Guard/Riverhead and TopLayer does a great job under DDoS attacks. Any opinion about them?

    Also, about what I said in the beginning: if I put a rule on the router to block all ICMP to my server, will I never have a problem with that kind of attack, or can someone maybe still affect me after that?

    Thanks

  10. #35
    Join Date
    Nov 2004
    Location
    England
    Posts
    513
    Well the attack might not reach your server, but they could still clog up the datacentre's pipes coming to your server.

    And blocking all ICMP isn't the best idea.

    And in any case, they'd just HTTP flood etc.

    Cisco Guard seems good to me. Protected me from a 300mbit/sec attack.

  11. #36
    Join Date
    Jun 2004
    Location
    Earth!!
    Posts
    649
    Nice to hear that!

    The problem is that we don't know which datacenters/companies use them. They don't say it on the site, or they are not giving info about their protection, if they have any of course.

    Which company/datacenter do you use?

  12. #37
    Join Date
    Nov 2004
    Location
    England
    Posts
    513
    The Planet - www.theplanet.com.

    I think EV1 also run similar systems.

  13. #38
    DDoS's are almost impossible to defend. They can range from SYN or PING floods, to IRC cloning or troll attacks. Basically, if the server can accept multiple incoming connections, it can be DDoSed. It only takes a 12 year old kid that finds an sdbot source to become a threat - it's not hard to do, it requires minimal effort and is LAME. Although saying this, the botnet scene is rather quiet, and a lot of the source codes are extremely private - most botnet kiddies go in groups and do it in large quantities (2mil compromised hosts and upwards); as long as your customer doesn't piss one of these groups off, a severe DDoS is very unlikely.

    DoS's however, CAN be defended by blocking the offending IP.

  14. #39
    Join Date
    Jun 2004
    Location
    Earth!!
    Posts
    649
    When an attack happens and you are logged in to the server, can you see that? I mean, is there software that can inform you about that?

  15. #40
    Join Date
    Nov 2002
    Location
    Chicago IL
    Posts
    900
    Originally posted by dtredwell
    DDoS's are almost impossible to defend.
    I disagree.

    We stop DDOS every day, we have not had one of our clients ever "dropped" from DDOS on our IRC network or our high risk web network, we have never had to null route IPs on our network, we constantly have 10 or more attacks towards multiple targets on our network without issue.

    In other words DDOS is not impossible to defend, but there is only a small handful of providers out there who have the expertise who will defend against it. And there are even fewer of those who do have the expertise and WANT to defend against it.
    GigeNET
    Dedicated Servers + Cloud Servers + Colocation + DDOS Protection + IP Transit with FCP optimized routing
    Locations in Chicago Los Angeles and Ashburn

  16. #41
    Join Date
    Jun 2004
    Location
    Earth!!
    Posts
    649
    nice to hear that

  17. #42
    Join Date
    Nov 2002
    Posts
    2,780
    Many know how to defend it, but it simply isn't worth the time to filter it. Defending DDoS for a constant attractor is simply causing more headache than they're willing to pay. This is more about the willingness to filter it rather than if it could be done.
    http://Ethr.net jay@ethr.net
    West Coast AT&T / Level3 / Savvis Bandwidth, Colocation, Dedicated Server, Managed IP Service, Hardware Load Balancing Service, Transport Service, 365 Main St, SFO / 200 Paul Ave, SFO / PAIX, PAO / Market Post Tower, 55 S. Market, SJC / 11 Great Oaks, Equinix, SJC

  18. #43
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Take-IT-EZZI,

    I have been busy with other matters and have not had a chance to update that page. A lot of the information on our site is in the process of being updated.

    There are no "in stone" policies regarding DDoS at Black Lotus, anyone who thinks they might have a DDoS concern and wants to host with us should really contact us directly.

    In short, we will not place a null route on DDoS < 100 Mbps. If a customer expects to remain up during DDoS of > 100 Mbps, they should probably contact us for a custom plan.

  19. #44
    Join Date
    Jun 2004
    Location
    Earth!!
    Posts
    649
    I don't know much, but null-routing is not the best solution! In IRC it's the same whether you get DDoSed or your IP is null-routed. In both cases the client quits from the IRC server or the IRC server netsplits from the net!

  20. #45
    Join Date
    Mar 2005
    Location
    NY USA
    Posts
    839
    Originally posted by D3m0n
    I don't know much, but null-routing is not the best solution! In IRC it's the same whether you get DDoSed or your IP is null-routed. In both cases the client quits from the IRC server or the IRC server netsplits from the net!
    The null route is to protect the provider and the other customers, not the target. It's used as a last resort.
    EZZI.net - A Service of Access Integrated Technologies Inc
    Running data centers, nationwide data network, and world-wide VoIP network.
    http://www.EZZI.net sales@ezzi.net

  21. #46
    Join Date
    Mar 2005
    Location
    NY USA
    Posts
    839
    Originally posted by ameen
    I disagree.

    We stop DDOS every day, we have not had one of our clients ever "dropped" from DDOS on our IRC network or our high risk web network, we have never had to null route IPs on our network, we constantly have 10 or more attacks towards multiple targets on our network without issue.

    In other words DDOS is not impossible to defend, but there is only a small handful of providers out there who have the expertise who will defend against it. And there are even fewer of those who do have the expertise and WANT to defend against it.
    You mean the expertise required to fit 2gbps in a 1gbps pipe?

    Share your expertise with us, ameen, please; I need to know how one accomplishes this goal.
    EZZI.net - A Service of Access Integrated Technologies Inc
    Running data centers, nationwide data network, and world-wide VoIP network.
    http://www.EZZI.net sales@ezzi.net

  22. #47
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Take-IT-EZZI,

    What makes you assume that Ameen only has a single GE?

  23. #48
    Join Date
    Mar 2005
    Location
    NY USA
    Posts
    839
    I'm not assuming anything, except that people are here pretending they can do the impossible.

    You can have all the expertise in the world; if someone has a botnet with more bandwidth than you have available, they clog your pipes and it's a wrap no matter what filtering device you have behind that pipe. Clog the pipe, say goodnight, end of list.

    And that's not the only limitation. How many packets per second can your devices handle? How do they determine what's a UDP flood and what's a Counter-Strike game?

    DDOS mimics legit traffic. Above I used the Counter-Strike example: if I have 500 IP addresses dumping 500pps into port 27015 and your filtering kicks on, it's going to disrupt the game before my botnet does any damage, unless it knows the difference between my random packets and the game packets, and even then, it will have to examine each packet before passing it on. ameen says he has 10 attacks going at any given time, so his filter is crunching on 2.5 million pps before it even delivers his email.

    So let's say OK, fine, your equipment handles all that, you are a genius, an ace, the magic DDoS slayer.

    Now you are eating >500mbps inbound traffic and consuming a $50k+ device, to help 10 users that pay $130/month.
    But let's say that's OK with you...

    I tell all my bots to download a file from your web/ftp server
    or to open connections to your ircd
    or your sshd
    or send you an email
    or make dns queries

    The list goes on...

    But what do I know, right?
    EZZI.net - A Service of Access Integrated Technologies Inc
    Running data centers, nationwide data network, and world-wide VoIP network.
    http://www.EZZI.net sales@ezzi.net

  24. #49
    Join Date
    Jun 2004
    Location
    Earth!!
    Posts
    649
    They have 2Gbit with above.net (inbound) and 1Gbit with BTN, as ameen told me yesterday when I asked him.

    Gigenet/Gigeservers say that they offer undroppable DDoS mitigation and they will not nullroute ever.

    When someone asks for info about their protection they just say that they have spent lots of money and time on it. Hope ameen replies and gives us the info!

    Thanks

  25. #50
    I think the best setup to have would be an auto-nullrouting system.
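
A sketch of the decision logic an auto-nullrouting system like the one suggested in post #50 would need, added here as an example and not taken from any poster or provider in the thread. The 100 Mbps threshold is the figure quoted in post #43; the sample counts, the `AutoNullRouter` name and the addresses are assumptions, and the code only returns actions, it does not touch any router.

```python
from collections import defaultdict

NULLROUTE_MBPS = 100   # threshold quoted in post #43
TRIGGER_SAMPLES = 3    # assumed: consecutive samples over threshold before acting
HOLD_SAMPLES = 5       # assumed: quiet samples to hold the route before release

class AutoNullRouter:
    """Decides when a target should be null routed; returns actions only."""

    def __init__(self, interval_s=10):
        self.interval_s = interval_s
        self.over = defaultdict(int)   # consecutive samples above threshold
        self.quiet = defaultdict(int)  # consecutive samples at or below it
        self.routed = set()            # destinations currently null routed

    def observe(self, sample):
        """sample maps dst_ip -> (bytes, packets) seen inbound this interval.
        A null-routed IP is dropped upstream and vanishes from the samples,
        so absence counts as quiet and the route is released after the hold.
        """
        actions = []
        for dst in sorted(set(sample) | self.routed):
            nbytes, npkts = sample.get(dst, (0, 0))
            mbps = nbytes * 8 / self.interval_s / 1e6
            pps = npkts / self.interval_s
            if mbps > NULLROUTE_MBPS:
                self.over[dst] += 1
                self.quiet[dst] = 0
            else:
                self.quiet[dst] += 1
                self.over[dst] = 0
            if dst not in self.routed and self.over[dst] >= TRIGGER_SAMPLES:
                self.routed.add(dst)
                actions.append(("nullroute", dst, round(mbps), round(pps)))
            elif dst in self.routed and self.quiet[dst] >= HOLD_SAMPLES:
                self.routed.discard(dst)
                actions.append(("release", dst, round(mbps), round(pps)))
        return actions

def demo():
    # Constructed samples: 250,000 pps of 64-byte packets (128 Mbps) at one
    # target, normal traffic at another; addresses are documentation ranges.
    flood = {"192.0.2.10": (160_000_000, 2_500_000),
             "192.0.2.20": (5_000_000, 8_000)}
    router = AutoNullRouter(interval_s=10)
    return [router.observe(flood) for _ in range(3)]

if __name__ == "__main__":
    print(demo())
```

Requiring several consecutive samples keeps a short burst from blackholing a customer, and the hold period means a released route is re-evaluated rather than left in place indefinitely.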
