Last night I was attacked by some DDoSer. And here are some stats about it.
Attack Destination: 18.104.22.168
Start Time: [Wed Aug 30 11:49:12 2006]
End Time: [Wed Aug 30 11:49:52 2006] Rate: 2,797,920 Packets Per Second
Likewise 2 other ips were attacked at the same time. Out of which 2 ips were instantly null-routed for not more than 4 to 5 minutes. My whole server worked fine! not a 1 sec lag was observed in this time. Being on IRC we are always attractive to such kinda attacks!. But thanx to Staminus services have been sup3rb! =).
Disclaimer before I say anything: I _would_ recommend Staminus in a list of DDoS protection providers. I've personally used machines there. I am in no way knocking their service or the protection they provide, I think they do a good job.
Now that we've gotten that out of the way... the PPS info you're seeing is (in my experience) not accurate.
I've mentioned it before and all Matt did was tell me to "cease and desist".
At anyrate - a couple things;
A previous poster presented 'attack reports' from a few years ago when staminus was behind a single gige drop showing an attack in the 2Mpps range as well. That's physically impossible. The smallest packets that'll be thrown out would put the limit at 1.45Mpps... It made me wonder, so I ran some test of my own on a box at staminus... I was sending 30,000pps to the server. Moments later I received an alert email, 67,000pps! .... Wait a minute....
Now, I don't claim to know the exact setup they're using now - Matt perhaps you can full us in... but some things seem a little strange?
Again, please don't get me wrong. I'm not bashing staminus. I'd recommend staminus or gigeservers to others. I just wouldn't live or die based on the attack stat reporting
Originally Posted by babarhyd
Likewise 2 other ips were attacked at the same time. Out of which 2 ips were instantly null-routed for not more than 4 to 5 minutes.
Nullrouted? wtf? ... Ooh... So, the flood was 1.4Mpps and they blocked you upstream because the gige drop was flooded? (Matt... I'm waiting for you here....)
Protection is included with the purchase of protected IPs at a small monthly price. For more information, please contact me off the board.
Our standard packages offer considerable protection against attacks specifically targeting websites. However, we do offer a much larger set of packages for these attacks which guarantee extremely high protection. Contact me off the board if you're interested.
The attack was 2.8Mpps and was potentially very large in traffic. Our figures are based on analysis from our routers. They are automatically calculated. There is no human intervention for error. The algorithm is fairly simple. It's possible, however, that your specific situation was impacted by some factor which misconstrued the rate. For example (and by no means the only or best possibility), if your sending side queued the traffic for about 1 second, the 2nd second would push it all at once and you'd have your ~60Kpps.
It's possible, however, that your specific situation was impacted by some factor which misconstrued the rate. For example (and by no means the only or best possibility), if your sending side queued the traffic for about 1 second, the 2nd second would push it all at once and you'd have your ~60Kpps.
60kpps every 2 seconds is still 30kpps.... *shrug*
Rate: 142,xxx Packets Per Second
Just checked again, still does it, different location different packet specs..
Originally Posted by krypttim
line rate gigE @ 64 byte packets is 1,488,095 ..
Correct you are. I'm so used to bits and bytes I divided by 1024 - it was 4am here, after all.