Results 26 to 50 of 128
Thread: dDoS mitigation
-
05-08-2005, 09:09 AM #26Disabled
- Join Date
- Nov 2004
- Location
- England
- Posts
- 513
If anyone wants to read about DDoS mitigation or find a company specialising on DDoS mitigation, prolexic.com is a good company.
The guy who founded it is an absolute genius.
He diverted a 3Gbit/sec attack to a datacentre with 10Gbit/sec capacity, owned by a friend, and worked virtually non-stop to setup some fancy filtering/mitigation system.
Now he's founded that company and is [probably] a multi-millioniare. Not bad eh
But in the end it all comes down to pipe size. If their pipe's bigger than yours, you'll always lose.
-
05-08-2005, 09:13 AM #27Web Hosting Master
- Join Date
- Mar 2005
- Location
- NY USA
- Posts
- 839
Originally posted by IRCCo Jeff
For larger DDoS such as the kind that kernelpanic is talking about, you'll want to make sure you have good relations with federal authorities.
Have you ever had FBI agents and such contact you needing assistance with some type of criminal activity that has found its way onto your network?
Of course, we all have and those are the same folks that you will want to stay in touch with to ask for return favors if you ever find yourself requiring such assistance.EZZI.net - A Service of Access Integrated Technologies Inc
Running data centers, nationwide data network, and world-wide VoIP network.
http://www.EZZI.net sales@ezzi.net
-
05-08-2005, 09:34 AM #28here goes my custom title!
- Join Date
- Jun 2004
- Location
- Earth!!
- Posts
- 649
When i beggin that post i had in mind "attacks by kids" which means around 100-500mbps. You are talking for very very big attacks that almost the biggest tier1 providers cant stop them..
But although is a nice conversation, there are people here that knows many and we proud that we can learn some more from them!
Blacklotus have ddos protected servers for irc?
-
05-08-2005, 09:36 AM #29here goes my custom title!
- Join Date
- Jun 2004
- Location
- Earth!!
- Posts
- 649
vidahost
the person you are talking about offers dedicated server or just hardware solutions for attacks?
Thanks
-
05-08-2005, 09:40 AM #30Web Hosting Master
- Join Date
- Mar 2005
- Location
- NY USA
- Posts
- 839
Originally posted by D3m0n
Blacklotus have ddos protected servers for irc?
It also says under construction when you click on the DDOS Mitigation link. For someone with as much tolerance and knowledge as Jeff seems to have here, one would think this page would have some information.
EZZI doesnt even allow people to sustain an attack on our network and we have information about our ddos solutions on our site.
Just my observation...EZZI.net - A Service of Access Integrated Technologies Inc
Running data centers, nationwide data network, and world-wide VoIP network.
http://www.EZZI.net sales@ezzi.net
-
05-08-2005, 09:42 AM #31Disabled
- Join Date
- Nov 2004
- Location
- England
- Posts
- 513
Originally posted by D3m0n
vidahost
the person you are talking about offers dedicated server or just hardware solutions for attacks?
Thanks
They don't do small-scale prevention, their clients are the large corporations paying $50k/year+ for their services, I believe.
-
05-08-2005, 09:48 AM #32here goes my custom title!
- Join Date
- Jun 2004
- Location
- Earth!!
- Posts
- 649
hehe vidahost do you know any companies cooperate with them?
Ezzi use NetScreen (juniper) if i am not wrong! and that is good for attack 100-500mbit but can not do many if the attack is big!
Blacklotus make your site soon many are interested in your services
-
05-08-2005, 09:53 AM #33Disabled
- Join Date
- Nov 2004
- Location
- England
- Posts
- 513
Originally posted by D3m0n
hehe vidahost do you know any companies cooperate with them?
Ezzi use NetScreen (juniper) if i am not wrong! and that is good for attack 100-500mbit but can not do many if the attack is big!
Blacklotus make your site soon many are interested in your services
You can read lots about what they do on the site.
I don't know any companies which use them, however.
-
05-08-2005, 09:58 AM #34here goes my custom title!
- Join Date
- Jun 2004
- Location
- Earth!!
- Posts
- 649
Ok
From a post i have made people told that hardware like CISCO Guard/RiverHead and TopLayer doing a great job under ddos attacks. Any opinion about them?
Also for that i said in the begging, IF i put a rule to the router to block all icmp to my server i will never have problem with that kind of attacks or and after that maybe someone can effect me?
Thanks
-
05-08-2005, 10:00 AM #35Disabled
- Join Date
- Nov 2004
- Location
- England
- Posts
- 513
Well the attack might not reach your server, but they could still clog up the datacentre's pipes coming to your server.
And blocking all ICMP isn't the best idea.
And in any case, they'd just HTTP flood etc.
Cisco Guard seems good to me. Protected me from a 300mbit/sec attack.
-
05-08-2005, 10:20 AM #36here goes my custom title!
- Join Date
- Jun 2004
- Location
- Earth!!
- Posts
- 649
Nice to hear that!
The problem is that we dont know which datacenter/companies use them. They dont say it in the site or they are not giving info about their protection if they have of course..
Which company/datacenter you use?
-
05-08-2005, 10:43 AM #37Disabled
- Join Date
- Nov 2004
- Location
- England
- Posts
- 513
The Planet - www.theplanet.com.
I think EV1 also run similar systems.
-
05-08-2005, 04:06 PM #38WHT Addict
- Join Date
- Jul 2004
- Posts
- 148
DDoS's are almost impossible to defend.They can range from SYN or PING floods, to irc cloning or troll attacks.Basically, if the server can accept multiple incoming connections, it can be DDoSed.It only takes a 12 year old kid that finds an sdbot source to become a threat - Its not hard to do, it requires minimal effort and is LAME.Although saying this, the botnet scene is rather quiet, and allot of the sourcecodes are extremely private - most botnet kiddies go in groups and do it in large quantitys (2mil comprimised hosts and upwards), as long as your customer doesnt piss one of these groups off, a severe DDoS is very unlikely.
DoS's however, CAN be defended by blocking the offending IP.
-
05-08-2005, 05:54 PM #39here goes my custom title!
- Join Date
- Jun 2004
- Location
- Earth!!
- Posts
- 649
when an attack happens and you are logged in the server can you see that? i mean is there a software that can inform you about that?
-
05-08-2005, 06:02 PM #40Web Hosting Master
- Join Date
- Nov 2002
- Location
- Chicago IL
- Posts
- 900
Originally posted by dtredwell
DDoS's are almost impossible to defend.
We stop DDOS every day, we have not had one of our clients ever "dropped" from DDOS on our irc network or our high risk web network, we have never had to null route IP's on our network, we constantly have 10 or more attacks towards multiple targets on our network with out issue.
In other words DDOS is not impossible to defend, but there is only a small handful of providers out there who have the expertise who will defend against it. And there is even a less amount of those who do have the expertise and WANT to defend against it.GigeNET
Dedicated Servers + Cloud Servers + Colocation + DDOS Protection + IP Transit with FCP optimized routing
Locations in Chicago Los Angeles and Ashburn
-
05-08-2005, 06:53 PM #41here goes my custom title!
- Join Date
- Jun 2004
- Location
- Earth!!
- Posts
- 649
nice to hear that
-
05-08-2005, 08:51 PM #42Web Hosting Master
- Join Date
- Nov 2002
- Posts
- 2,780
Many knows how to defend it, but it simply isn't worth the time to filter it. Defending ddos for constant attracter is simply causing more headache then they're willing to pay. This is more about the willingness to filter it rather than if it could be done.
http://Ethr.net jay@ethr.net
West Coast AT&T / Level3 / Savvis Bandwidth, Colocation, Dedicated Server, Managed IP Service, Hardware Load Balancing Service, Transport Service, 365 Main St, SFO / 200 Paul Ave, SFO / PAIX, PAO / Market Post Tower, 55 S. Market, SJC / 11 Great Oaks, Equinix, SJC
-
05-08-2005, 10:28 PM #43CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
Take-IT-EZZI,
I have been busy with other matters and have not had a chance to update that page. A lot of the information on our site is in the process of being updated.
There are no "in stone" policies regarding DDoS at Black Lotus, anyone who thinks they might have a DDoS concern and wants to host with us should really contact us directly.
In short, we will not place a null route on DDoS < 100 Mbps. If a customer expects to remain up during DDoS of > 100 Mbps, they should probably contact us for a custom plan.
-
05-09-2005, 06:41 AM #44here goes my custom title!
- Join Date
- Jun 2004
- Location
- Earth!!
- Posts
- 649
dont know many but null-routing is not the best solution! as in irc its the same if get ddos or null-route your ip. In both the client quits from irc server or the irc server netsplits from the net!
-
05-09-2005, 07:54 AM #45Web Hosting Master
- Join Date
- Mar 2005
- Location
- NY USA
- Posts
- 839
Originally posted by D3m0n
dont know many but null-routing is not the best solution! as in irc its the same if get ddos or null-route your ip. In both the client quits from irc server or the irc server netsplits from the net!EZZI.net - A Service of Access Integrated Technologies Inc
Running data centers, nationwide data network, and world-wide VoIP network.
http://www.EZZI.net sales@ezzi.net
-
05-09-2005, 07:56 AM #46Web Hosting Master
- Join Date
- Mar 2005
- Location
- NY USA
- Posts
- 839
Originally posted by ameen
I disagree.
We stop DDOS every day, we have not had one of our clients ever "dropped" from DDOS on our irc network or our high risk web network, we have never had to null route IP's on our network, we constantly have 10 or more attacks towards multiple targets on our network with out issue.
In other words DDOS is not impossible to defend, but there is only a small handful of providers out there who have the expertise who will defend against it. And there is even a less amount of those who do have the expertise and WANT to defend against it.
Share your expertise with us ameen, please I need to know how one accomplishes this goal.EZZI.net - A Service of Access Integrated Technologies Inc
Running data centers, nationwide data network, and world-wide VoIP network.
http://www.EZZI.net sales@ezzi.net
-
05-09-2005, 09:32 AM #47CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
Take-IT-EZZI,
What makes you assume that Ameen only has a single GE?
-
05-09-2005, 10:28 AM #48Web Hosting Master
- Join Date
- Mar 2005
- Location
- NY USA
- Posts
- 839
I'm not assuming anything, except that people are here pretending they can do the impossible.
You can have all the expertise in the world, if someone has a botnet with more bandwidth than you have available, they clog your pipes and its a wrap no matter what filtering device you have behind that pipe, clog the pipe, say goodnight, end of list.
And thats not the only limitation. How many packets per second can your devices handle? How do they determine whats a UDP flood and whats a counterstrike game?
DDOS mimics legit traffic, above I used the counterstrike example, if I have 500 IP addresses dumping 500pps into port 27015 and your filtering kicks on, its going to disrupt the game before my botnet does any damage, unless it knows the difference between my random packets and the game packets, and even then, it will have to examine each packet before passing it on, ameen says he has 10 attacks going at any given time, so his filter is crunching on 2.5 million pps before it even delivers his email.
So lets say ok fine, your equipment handles all that you are a genius, an ace, the magic ddos slayer.
Now you are eating >500mbps inbound traffic and consuming a $50k+ device, to help 10 users that pay $130/month.
But lets say thats ok with you...
I tell all my bots to download a file from your web/ftp server
or to open connections to your ircd
or your sshd
or send you an email
or make dns queries
The list goes on...
But what do I know right?EZZI.net - A Service of Access Integrated Technologies Inc
Running data centers, nationwide data network, and world-wide VoIP network.
http://www.EZZI.net sales@ezzi.net
-
05-09-2005, 12:00 PM #49here goes my custom title!
- Join Date
- Jun 2004
- Location
- Earth!!
- Posts
- 649
they have 2Gbit with above.net (inbound) and 1Gbit with BTN as ameen told me yesterday as i asked him.
Gigenet/Gigeservers say that they offer undropable ddos mitigation and they will not nullroute ever
When someone asking info about their protection they just say that they have spend lots of money and time to it. Hope ameen to reply and give us the info!
Thanks
-
05-09-2005, 04:31 PM #50WHT Addict
- Join Date
- Jul 2004
- Posts
- 148
I think the best setup to have would be an auto-nullrouting system.