  1. #1

    DDOS Attacks - How??

    I want to understand the mechanics of a DDOS attack. I have been doing a lot of reading about them this weekend.

    The way I am understanding it, a DDOS attack is done at the network level. It may be requesting that pages from a given website, or websites, are served up, but it basically will affect the entire network. So if 'page display' requests are made to a website(s) that is hosted at ABC Hosting (example only), to the tune of 15GBs, then I have to assume that the network will be terribly degraded. If that is so, wouldn't other servers also get taken out?

    I believe the architecture of the internet is something like this (example only):

    Gnax --> Planet, SoftLayer, RackSpace, etc.. --> Reseller --> Smaller Reseller --> Me

    If that is true, is each level along that route using their own networking system or are they all dependent on ones that major Data Center uses?

  2. #2
    Join Date: Aug 2002 | Location: Seattle | Posts: 5,512
    DDoS attacks rarely affect the entire provider. The most common ones will only impact your server's ability to serve requests due to high request loads that are difficult to differentiate at the network level. This is the new trend for 2009; I'm sure we'll see something different in 2010.

  3. #3
    I know that the way they begin is that a person gets people on the internet to download a virus; i.e. you go to visit a website that you normally go to every day and you get this message: "We have detected the xyz virus on your computer, please go here (or stay here) and download this software to counteract this" (or something similar).

    Now, the unknowing download the software and it may, or may not, pretend to 'clean' your computer when it executes. But, what it has actually done is download a virulent virus on your computer. This virus stays resident until 'they' need it to attack. When 'they' do, it is activated for a short time and from what I have read, usually 'self destructs', along with your computer (wipeout time).

    But, what route does the attack take and how does it know what the specific target is; or aren't they that specific? If they are not that specific, and if they are very large, will it affect everything in that route?

    i.e.: the US and Korean government attack a couple of weeks ago. I have to assume that all governments have their own data centers and specialized networks, but why did some government agencies feel the effect of the attack, while others did not?

  4. #4
    Join Date: Jun 2005 | Location: New Jersey | Posts: 219
    Here are a few links that may help increase your understanding.

    http://en.wikipedia.org/wiki/Ddos#Distributed_attack

    http://royal.pingdom.com/2009/03/10/...a-ddos-attack/

    Hope those help!
    Plutomic Hosting
    Empowering Your Web Ventures
    In Business Since 2005
    Specializing in Web Hosting, VPS, Managed Dedicated Servers and Managed Colocation

  5. #5
    That definitely tells me more info, but does not totally end my questioning. Okay, if I am a hosting company, I don't normally have 'hands on' physical ownership of the box that my accounts are on. They are in a huge data center or rackspace provider somewhere and I, and my customers, have to access them through networks.

    So, I can be working on my computer and my neighbor is working on his. Depending on what our ISP provider is using, we might be using route maps. And, even if we are using the same provider, our website browsing will at some point take us through totally different routes along the way (unless we are weird enough to be visiting exactly the same websites at the same time.)

    Okay, so say I am one of those poor slobs that downloaded a virus on my machine, unknowingly, and now I become a pawn of the DDOS attacker. And, say my neighbor, who uses a different ISP than I, also visited that same website and downloaded that same virus. Now, the attacker activates all his little pawns. They travel down different routes until when?

    I am assuming that the routing in the US uses some major hubs. If I use a tracert to look at what network my own computer uses to travel to a website, I can see IP numbers along that route. I have always assumed that these are different physical places, like a hub center. Eventually, though, most routing winds up at one of the major data centers.

    Are there hundreds of main hubs going into these data centers, or at some point does the internet routing go down to one or two main hubs before entering the data center? Are there physical locations in between where the hosting resellers or larger providers have physical access to one of the hubs? Or is it all network controlled?

    I am thinking about the size of the government attack (40 - 60GB/s). They must have their own private routing network. Is that right? Now, what if I am not the government and a very large attack is started at the little pawn computers? At what threshold will it actually jam up a network hub along the route?

    Are these network routes controllable by the data center or hosting companies, so that if they see a hub 'clogging up', they can switch the routing of their traffic?

  6. #6
    Join Date: Dec 2007 | Location: Indiana, USA | Posts: 16,087
    Quote Originally Posted by lanesharon View Post
    That definitely tells me more info, but does not totally end my questioning. Okay, if I am a hosting company, I don't normally have 'hands on' physical ownership of the box that my accounts are on. They are in a huge data center or rackspace provider somewhere and I, and my customers, have to access them through networks.
    It depends on the provider and how they decide to go about doing things. Some providers choose to own their own hardware and colocate it in a facility where their own staff can handle and repair the boxes. Some providers colocate into facilities where the facility staff will handle repairs and other hands-on issues, which may or may not be included in the fee. Some providers simply lease hardware in a data center where there is no required hands-on. Which one the provider uses is entirely up to you, just as what type of car you drive is up to you. Both a Ford Tempo and a Chevy Camaro will get you from point A to point B; it's up to you as to which one you would prefer.

    Quote Originally Posted by lanesharon View Post
    So, I can be working on my computer and my neighbor is working on his. Depending on what our ISP provider is using, we might be using route maps. And, even if we are using the same provider, our website browsing will at some point take us through totally different routes along the way (unless we are weird enough to be visiting exactly the same websites at the same time.)
    Your traffic is *always* routed no matter what ISP you are using or where you are browsing from, but you are correct in that your neighbor on a different IP could end up on a totally different route. I know that my traffic from Central Indiana to SoftLayer in Dallas routes almost entirely over Comcast's backbone, whereas when I access the same services via my cellular 3G connection through AT&T it takes an entirely different route.

    Quote Originally Posted by lanesharon View Post
    Okay, so say I am one of those poor slobs that downloaded a virus on my machine, unknowlingly and now I become a pawn of the DDOS attacker.
    You really shouldn't put much blame on the end user - many of these viruses and trojans are built to exploit issues in software such as IE6, IE7, IE8, and Firefox before they can be patched. If you are browsing with an outdated browser or an outdated operating system and you are running a virus scanner, you can still end up infected. Nothing is perfect and it is bound to happen to people from time to time - however I will admit that it happens most often to those that are not as computer literate as others.


    Quote Originally Posted by lanesharon View Post
    And, say my neighbor, who uses a different ISP than I also visited that same website and downloaded that same virus. Now, the attacker activates all his little pawns. They travel down different routes until when?
    If the "bots" are activated to do something such as attacking a web site - then this is what they do until they are taken offline or told to do something else.

    Quote Originally Posted by lanesharon View Post
    I am assuming that the routing in the US uses some major hubs. If I use a tracert to look at what network my own computer uses to travel to a website, I can see IP numbers along that route. I have always assumed that these are different physical places, like a hub center. Eventually, though, most routing winds up at one of the major data centers.
    The IPs that you see along the way are different routers that your traffic hits before being dispatched to a new location along the route.

    Quote Originally Posted by lanesharon View Post
    Are there hundreds of main hubs going into these data centers, or at some point does the internet routing go down to one of two main hubs before entering the data center? Are there physical locations in between where the hosting resellers or larger providers have physical access to one of the hubs? Or is it all network controled?
    I am not sure what you are asking here - but basically every data center runs what is called BGP, which is Border Gateway Protocol - if you want to do some research on that it may help to answer your questions. As for the routing - there are just routers on the backbones of the internet that switch you from one particular path to another on the fly as the network demands, and the routers in the middle couldn't care any less whether you were connecting to a data center or simply your neighbor.

    Quote Originally Posted by lanesharon View Post
    I am thinking about the size of the government attack (40 - 60GB/s). They must have their own private routing network. Is that right? Now, what if I am not the government and a very large attack is started at the little pawn computers? At what threshold will it actually jam up a network hub along the route?
    It won't jam up a network hub simply due to the fact that the attacks are simply small packets coming from all around the country or the world. The congestion comes at the data center level when all of those packets begin to hit the same location and depending on the size of the attack and the capabilities of the data center it may or may not slow down overall operations.

    Quote Originally Posted by lanesharon View Post
    Are these network routes controllable by the data center or hosting companies, so that if they see a hub 'clogging up', they can switch the routing of their traffic?
    The issue isn't "clogging along the way" the issue is once all of the attack is concentrated at the end.

    If you look at it as the network of highways in the US and every interchange is a router...

    If an attack was launched from every coastal city to say somewhere in the middle of the US - congestion wouldn't really happen until you got to the destination city as before that there was a lot of different routes and roadways to hold that traffic. Once it gets consolidated down to the few roads in and around the target city things begin to become congested.

    I hope I have helped, and if you need anything I have said clarified just let me know.
    Michael Denney - MDDHosting LLC
    New shared plans for 2016! Check them out!
    Highly Available Shared, Premium, Reseller, and VPS
    http://www.mddhosting.com/

  7. #7
    Here is an image of Cogent's network architecture:
    http://www.cogentco.com/img/other/networkmap_large.jpg

    So, say I am in Orange County, CA and I want to access a website that is actually stored on a computer in Dallas TX. From this network map, there would be two routes to Dallas. Minimum of 9 physically stopping places along the way. I assume, my router, to my ISP, to San Diego, to Phoenix, yada yada.....

    So, in this case, if something stored at the GNAX center in TX is the target, at some point all computers using the Cogent network would have to be routed through Tulsa or Austin. Would a huge attack not clog up at those hubs prior to making it to the Data Center?

    Are these physical places that have network hubs? If so, in a large attack, would they be overloaded before they ever even hit the data center? Or is this too simplistic of a network picture? Is it truly much more complicated than this?
    Last edited by lanesharon; 08-03-2009 at 07:54 PM.

  8. #8
    Join Date: Dec 2007 | Location: Indiana, USA | Posts: 16,087
    You are looking at this as though an entire attack is going from point A to point B.

    The reason for it being called a DDoS instead of a DoS is because it's a Distributed Disruption of Service attack.

    A DoS is from Point A to Point B, whereas a DDoS is from 1,000 or more points to point B. This is what makes blocking it so difficult as well, not to mention the data comes from all different places around the world - there is no real congestion until the data gets to its destination because really that's the only place all of the routes have in common in most cases.
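    The point made in posts #6 and #8 above, that a flood spread over many routes only congests where those routes converge, as an added worked example in Python that is not from the thread or from any poster. The topology, the link capacities, the bot count and the per-bot rate are all invented for illustration; only the shape of the argument comes from the posts.

```python
"""Added example (not from the thread): a toy model of why a distributed flood
congests the target's last hops rather than the backbone.  The topology, link
capacities and bot counts below are all invented for illustration."""
from collections import defaultdict

# Constructed link capacities in kbit/s: 10 Gbit/s backbone links, a 1 Gbit/s
# data center uplink, and a 100 Mbit/s port on the victim server.
BACKBONE, UPLINK, SERVER_PORT = 10_000_000, 1_000_000, 100_000

# Constructed routes from several source cities to a server in a Dallas data
# center.  Each route is a list of hops; consecutive hops form a link.
ROUTES = {
    "LA-south":  ["LA", "Phoenix", "Austin", "Dallas", "dc-edge", "victim"],
    "LA-north":  ["LA", "Denver", "Tulsa", "Dallas", "dc-edge", "victim"],
    "NYC-south": ["NYC", "DC", "Atlanta", "Dallas", "dc-edge", "victim"],
    "NYC-north": ["NYC", "Chicago", "Tulsa", "Dallas", "dc-edge", "victim"],
    "Seattle":   ["Seattle", "Denver", "Tulsa", "Dallas", "dc-edge", "victim"],
    "Miami":     ["Miami", "Atlanta", "Dallas", "dc-edge", "victim"],
}


def capacity(link):
    """Capacity of one link, chosen by what the link leads into."""
    _, dst = link
    if dst == "victim":
        return SERVER_PORT
    if dst == "dc-edge":
        return UPLINK
    return BACKBONE


def link_loads(bots_per_route, kbit_per_bot):
    """Traffic each link carries when every bot on a route sends kbit_per_bot."""
    load = defaultdict(int)
    for route, bots in bots_per_route.items():
        hops = ROUTES[route]
        for link in zip(hops, hops[1:]):
            load[link] += bots * kbit_per_bot
    return dict(load)


def utilization(bots_per_route, kbit_per_bot):
    """Load divided by capacity per link; anything above 1.0 is dropping packets."""
    return {link: load / capacity(link)
            for link, load in link_loads(bots_per_route, kbit_per_bot).items()}


def saturated_links(bots_per_route, kbit_per_bot):
    """The links that are over capacity, sorted so the result is stable."""
    return sorted(link for link, u in utilization(bots_per_route, kbit_per_bot).items()
                  if u > 1.0)


# Constructed botnet: 20,000 infected home PCs spread over the six routes, each
# sending a modest 100 kbit/s of requests (2 Gbit/s in total at the target).
BOTNET = {"LA-south": 3000, "LA-north": 3000, "NYC-south": 3000,
          "NYC-north": 3000, "Seattle": 4000, "Miami": 4000}

if __name__ == "__main__":
    for link, u in sorted(utilization(BOTNET, 100).items(), key=lambda kv: -kv[1]):
        flag = "SATURATED" if u > 1.0 else ""
        print(f"{link[0]:>8} -> {link[1]:<8} {u:7.1%} {flag}")
```

    Running it prints every link's utilization. The busiest backbone link (Tulsa to Dallas, where three of the six routes meet) reaches 10% of its capacity, while the two links every route shares, the data center uplink and the server's own port, run at 200% and 2000%. Putting the same 2 Gbit/s on one route, which is what a single-source DoS looks like in this model, still leaves every backbone link under capacity, so the damage lands at the destination either way.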

  9. #9
    Join Date: Jul 2005 | Location: In the Internets | Posts: 3,622
    Quote Originally Posted by lanesharon View Post
    Here is an image of Cogent's network architecture:
    http://www.cogentco.com/img/other/networkmap_large.jpg

    So, say I am in Orange County, CA and I want to access a website that is actually stored on a computer in Dallas TX. From this network map, there would be two routes to Dallas. Minimum of 9 physically stopping places along the way. I assume, my router, to my ISP, to San Diego, to Phoenix, yada yada.....

    So, in this case, if something stored at the GNAX center in TX is the target, at some point all computers using the Cogent network would have to be routed through Tulsa or Austin. Would a huge attack not clog up at those hubs prior to making it to the Data Center?

    Are these physical places that have network hubs? If so, in a large attack, would they be overloaded before they ever even hit the data center? Or is this too simplistic of a network picture? Is it truly much more complicated than this?
    Much more complicated than this.

    1) Usually attacks are formed with thousands of people, not one.
    2) In most cases, it won't take Cogent the entire way, it'll take Cogent and then hand it off to someone else.
    StableHost .:. Unlimited web hosting done right. Experience the unlimited difference.
    PingThat .:. Is your website down? Find out now with our QuickChecker technology.

  10. #10
    But, is there a network hub that ALL traffic has to go through before getting to the data center? Say, if I am going to the GNAX facility itself (physically). And, it was at, say 1000 Smith St, Dallas. Is there one or two main hubs just prior to getting there?

    I am asking these questions to see. Is it more important to have some kind of DDOS protection on the network, BEFORE it gets to the Data Center, or at the Data Center level?

  11. #11
    Here is a product that says that you can stop DDOS before it even gets to the data center, by protecting the network.
    http://dragonara.net/img/view.gif

    I am assuming, to use anything like this, you must have a dedicated IP address. Am I right? At least, with a dedicated IP, you know exactly if it is you being hit or not. If I am a guy trying to make money, and tracking ddos traffic, it would be easy to extort money by claiming that I am the person responsible for xyz ddos attack. Pretty simple way to make a few bucks.

    I don't doubt that the criminal minds of the internet share a beer with one another, and stories of successful ventures. All that hosting companies seem to have right now is the word of a criminal that they are the person who is doing the attack and that they are targeting xyz.com. Doesn't seem like a very reliable way to know, for sure.

    Is there truly any way to stop a website from being attacked? Or any data center? Or any network? There has to be some way of doing it, cause the government did it!!

    Is there any way of honestly assessing who the target is if you are on shared hosting (which most website are these days). If I am targeting GNAX Dallas, then I can say it is xyz.com website that I am targeting and try to extort from the reseller responsible for xyz.com. And, I can have my buddy call another reseller and tell them that it is abc.com that I am targeting. So, is there a way to track all the way down to the end website? If there is a way to track it, then is there a way to stop it from hitting that website?

  12. #12
    Join Date: Aug 2008 | Posts: 176
    Quote Originally Posted by lanesharon View Post
    But, is there a network hub that ALL traffic has to go through before getting to the data center? Say, if I am going to the GNAX facility itself (physically). And, it was at, say 1000 Smith St, Dallas. Is there one or two main hubs just prior to getting there?

    I am asking these questions to see. Is it more important to have some kind of DDOS protection on the network, BEFORE it gets to the Data Center, or at the Data Center level?


    Networks may have peering agreements, diverse routes to get to any location and multiple redundancies in equipment. So they can work around issues and outages.

    So a packet may have to be routed around but it doesn't have only one path.

    As for your question, I'm not sure. From what I understand, a combination of working with one's upstream providers and peers and having protection at the DC level and even the server may possibly be needed, depending on the attack.

    Keep in mind this is very expensive and time consuming.

    Quote Originally Posted by lanesharon View Post
    Here is a product that says that you can stop DDOS before it even gets to the data center, by protecting the network.
    http://dragonara.net/img/view.gif

    I am assuming, to use anything like this, you must have a dedicated IP address. Am I right? At least, with a dedicated IP, you know exactly if it is you being hit or not. If I am a guy trying to make money, and tracking ddos traffic, it would be easy to extort money by claiming that I am the person responsible for xyz ddos attack. Pretty simple way to make a few bucks.

    I don't doubt that the criminal minds of the internet share a beer with one another, and stories of successful ventures. All that hosting companies seem to have right now is the word of a criminal that they are the person who is doing the attack and that they are targeting xyz.com. Doesn't seem like a very reliable way to know, for sure.

    Is there truly any way to stop a website from being attacked? Or any data center? Or any network? There has to be some way of doing it, cause the government did it!!

    Is there any way of honestly assessing who the target is if you are on shared hosting (which most website are these days). If I am targeting GNAX Dallas, then I can say it is xyz.com website that I am targeting and try to extort from the reseller responsible for xyz.com. And, I can have my buddy call another reseller and tell them that it is abc.com that I am targeting. So, is there a way to track all the way down to the end website? If there is a way to track it, then is there a way to stop it from hitting that website?
    I'm sure there is, as it has been done. I would assume it would have to do with what content is being requested.


    But from what I understand of it. You can't simply fully stop this from happening.

    DoS/DDoS attacks are hard to stop because they are using a legitimate service to do harm.

    The only way you could not have the website touched by any malicious traffic at all is to null route or take the website offline. It may be possible for a DDoS provider to prevent this, but I'm unsure if they could prevent it 100%.

    At least to the best of my knowledge.
    Last edited by ShaunH; 08-03-2009 at 09:07 PM.

  13. #13
    Join Date: Aug 2008 | Location: San Francisco | Posts: 2,410
    Quote Originally Posted by lanesharon View Post
    Is there truly any way to stop a website from being attacked? Or any data center? Or any network? There has to be some way of doing it, cause the government did it!!
    A DDoS is as predictable as someone trying to shoot you. There is no way to stop one and no way to know one is coming. The US Government is quite different from your site. They have the resources and power to stop such an attack. However, they were down for about 3 days before they were able to bring all systems back online. You may want to look at GigeServers; you will get the GigeNet network and their DDoS protection.

  14. #14
    Shaun,
    So, if the network hub starts to clog up, they just simply use another route? I am chuckling, because I would want to know why I am clogging up, not just that I am clogging up.

    I understand that it is expensive, but I would think that this expense should be paid for by the large data centers and networks, not the little guy trying to host a website.
    Last edited by lanesharon; 08-03-2009 at 09:16 PM.

  15. #15
    GCM,

    I am finding out that many hosting companies tout protection, but do they actually do it. And, that protection costs lots of money for the little guy. It doesn't seem right when all that may be needed is protection at the hub and the data centers. Or am I way off base here?

    If there is protection that actually works well, then why not at the Data Center. It would be a great selling point for website owners and resellers alike? Why does each website owner have to pay to protect a site and databases that are housed at a data center? I mean, I am thinking, this DDOS protection can be a real lucrative business because it is still geared to the end user. And, the protection is really at the data center. Or maybe I am wrong about that.
    Last edited by lanesharon; 08-03-2009 at 09:17 PM.

  16. #16
    Join Date: Aug 2008 | Location: San Francisco | Posts: 2,410
    Quote Originally Posted by lanesharon View Post
    GCM,

    I am finding out that many hosting companies tout protection, but do they actually do it. And, that protection costs lots of money for the little guy. It doesn't seem right when all that may be needed is protection at the hub and the data centers. Or am I way off base here?

    If there is protection that actually works well, then why not at the Data Center. It would be a great selling point for website owners and resellers alike? Why does each website owner have to pay to protect a site and databases that are housed at a data center? I mean, I am thinking, this DDOS protection can be a real lucrative business because it is still geared to the end user. And, the protection is really at the data center. Or maybe I am wrong about that.
    DDoS protection isn't the cheapest thing to offer. A majority of data centers have Arbor Peakflow and/or TippingPoint to detect an attack; then the client is usually placed behind Cisco Guard. The offending IPs can be blocked at the carrier level, which I think you are referring to as the hub, but it is usually done at the data center. GigeNet's DDoS system probably works compared to others; I've never personally seen it in action, however. WHT is using it too.

  17. #17
    Join Date: Aug 2008 | Posts: 176
    Quote Originally Posted by lanesharon View Post
    Shaun,
    So, if the network hub starts to clog up, they just simply use another route? I am chuckling, because I would want to know why I am clogging up, not just that I am clogging up.

    I understand that it is expensive, but I would think that this expense should be paid for by the large data centers and networks, not the little guy trying to host a website.
    You need to remember that DCs are businesses just like anyone else. Most have basic measures to prevent attacks. But at the end of the day they don't focus on that as a main point of their business.

    The problem with the networks and the DCs paying for it all is it would probably bankrupt some hosts to not charge a fee for "high level DDoS protection." You have to remember they pay for bandwidth, manpower, and mitigation devices, and they also have many other expenses.

    It costs money for them to deal with these problems.


    Quote Originally Posted by lanesharon View Post
    GCM,

    I am finding out that many hosting companies tout protection, but do they actually do it. And, that protection costs lots of money for the little guy. It doesn't seem right when all that may be needed is protection at the hub and the data centers. Or am I way off base here?

    If there is protection that actually works well, then why not at the Data Center. It would be a great selling point for website owners and resellers alike? Why does each website owner have to pay to protect a site and databases that are housed at a data center? I mean, I am thinking, this DDOS protection can be a real lucrative business because it is still geared to the end user. And, the protection is really at the data center. Or maybe I am wrong about that.

    Again, you're forgetting the overhead of having the ability and expertise to mitigate these attacks. The huge amount of bandwidth and infrastructure needed. The manpower to do all the work.

    I don't think most DCs can justify that price increase or the extra work load.

    Also, simply having protection at the network level isn't always enough; it may also require custom solutions for each attack / customer, and again this costs money.

    As for profitability, I have no basis to make any assumptions on that front.

    Also it may simply not be the type of clients a DC may want to attract.

  18. #18
    I would think that the DC's would provide a premium service, distributed over everyone, it would not be so expensive. Kind of like a car insurance company. If I were the only person paying for insurance, on the road, it would be very expensive. But, if everyone pays, then it is less expensive. Maybe that is not such a good analogy!! Or, actually, maybe this is an excellent analogy.

    If I were an organized DDOS attacking group, I would also sell my DDOS prevention services. LOL

    I have just found out that anyone can be the object of an attack. You don't have to be a 'specific type'. And, when they hit at a server level, then everyone is affected, who is on that server.

    Sounds to me like these DDOS attacks are in a way being condoned, not condemned. Yup, the wild, wild, West.

    Is there anyway, short of turning over your paycheck, to avoid them? And, even then, there are no guarantees it seems.
    Last edited by lanesharon; 08-03-2009 at 09:43 PM.

  19. #19
    Quote Originally Posted by GCM View Post
    GigeNet's DDoS System probably works compared to others, I've never personally have seen it in action however. WHT is using it too.
    I don't see anything on their website that tells me at what level they stop protecting. Can you steer me in that direction?

  20. #20
    Join Date: Aug 2008 | Location: San Francisco | Posts: 2,410
    Quote Originally Posted by lanesharon View Post
    I don't see anything on their website that tells me at what level they stop protecting. Can you steer me in that direction?
    It's done at the network layer. http://www.gigenet.com/ddos-protection.html If you do get a server get it through GigeServers as they include the protection free unlike GigeNet. Same company though.

  21. #21
    Join Date: Aug 2008 | Posts: 176
    Quote Originally Posted by lanesharon View Post
    I would think that the DC's would provide a premium service, distributed over everyone, it would not be so expensive. Kind of like a car insurance company. If I were the only person paying for insurance, on the road, it would be very expensive. But, if everyone pays, then it is less expensive. Maybe that is not such a good analogy!! Or, actually, maybe this is an excellent analogy.

    If I were an organized DDOS attacking group, I would also sell my DDOS prevention services. LOL

    I have just found out that anyone can be the object of an attack. You don't have to be a 'specific type'. And, when they hit at a server level, then everyone is affected, who is on that server.

    Sounds to me like these DDOS attacks are in a way being condoned, not condemned. Yup, the wild, wild, West.

    Is there anyway, short of turning over your paycheck, to avoid them? And, even then, there are no guarantees it seems.
    It's not about condoning anything; it's about having the capital and manpower to offer the service.

    Let's imagine for a sec a DC gets hit with multiple DDoS attacks at the same time.

    Say 10 customers each get hit with a 1 gig attack, combined up to a 10 gig attack; you could imagine variants of this and it could easily scale upwards.

    Then the question becomes how much can your infrastructure take and how much man power do you have.

  22. #22
    Join Date: Dec 2007 | Location: Indiana, USA | Posts: 16,087
    Sharon, I would advise you to get in touch with Cisco to inquire as to what one Cisco Guard unit costs. You will find very quickly that offering that sort of protection to an entire data center on a 24/7 basis is simply not feasible.

    Another issue is that many DDoS attacks simply look like a web site getting a huge amount of visits in a short amount of time. How would you like it if your site got listed on dig.com and began getting hundreds of visitors per second, and then suddenly all of those visitors were blocked because the traffic looked suspicious?

    There is a delicate balance between protecting your services and blocking legitimate traffic.
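    Posts #11 and #12 ask how anyone can tell which site on a shared server is the real target, and post #22 warns that a flood can look like a popular site simply getting busy. The Python below, added here and not taken from the thread or any poster, works through both on constructed Apache access-log lines: the hostnames use the reserved .example domain, the client addresses come from the RFC 5737 documentation ranges, and the traffic volumes are invented. The per-client request threshold is a deliberately naive control, included to show the trade-off, not to recommend it.

```python
"""Added example (not from the thread): which site on a shared IP is being hit,
and what a naive per-client request limit does to three kinds of traffic.  All
log lines are constructed below; nothing here was captured from a real server."""
import re
from collections import Counter

# Apache "vhost_combined" log format.  The leading %v field is the Host header
# the client sent, which is the only thing that separates sites on a shared IP.
LOG_RE = re.compile(
    r'^(?P<vhost>[^:\s]+):\d+ (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)


def parse(line):
    """Fields of one log line, or None if it is not in the expected format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def make_lines(vhost, ips, per_ip, path="/index.php"):
    """Constructed log lines: every address in ips requests path per_ip times."""
    return [
        f'{vhost}:80 {ip} - - [03/Aug/2009:21:{i // 60:02d}:{i % 60:02d} -0500] '
        f'"GET {path} HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'
        for ip in ips for i in range(per_ip)
    ]


def requests_by_vhost(lines):
    """Requests per Host header: the site drawing the flood stands out here."""
    return Counter(r["vhost"] for r in map(parse, lines) if r)


def requests_by_ip(lines):
    """Requests per client address."""
    return Counter(r["ip"] for r in map(parse, lines) if r)


def over_threshold(lines, max_per_ip):
    """Clients a naive per-IP request limit would block."""
    return {ip for ip, n in requests_by_ip(lines).items() if n > max_per_ip}


def hot_vhost(lines):
    """The site receiving the most requests, whatever an extortionist claims."""
    return requests_by_vhost(lines).most_common(1)[0][0]


# Three constructed traffic patterns hitting one shared server:
#  - a flash crowd: 200 real visitors each load abc.example twice
#  - a concentrated flood: 5 hosts each hit xyz.example 200 times
#  - a distributed flood: 500 bots each hit xyz.example once
FLASH_CROWD = make_lines("abc.example", [f"198.51.100.{i}" for i in range(1, 201)], 2)
CONCENTRATED = make_lines("xyz.example", [f"203.0.113.{i}" for i in range(1, 6)], 200)
DISTRIBUTED = make_lines("xyz.example",
                         [f"192.0.2.{i}" for i in range(1, 251)]
                         + [f"203.0.113.{i}" for i in range(6, 256)], 1)
ALL_LINES = FLASH_CROWD + CONCENTRATED + DISTRIBUTED

if __name__ == "__main__":
    print("requests per site:", dict(requests_by_vhost(ALL_LINES)))
    print("hottest site:", hot_vhost(ALL_LINES))
    samples = [("flash crowd", FLASH_CROWD), ("concentrated", CONCENTRATED),
               ("distributed", DISTRIBUTED)]
    for name, sample in samples:
        print(f"{name:>12}: a limit of 30/IP blocks {len(over_threshold(sample, 30))} clients")
```

    The per-site count answers the shared-hosting question from posts #11 and #12: the server's own access log records which Host header the flood is asking for, so the host can see that xyz.example is drawing 1,500 of the 1,900 requests without taking anyone's word for it. The per-IP threshold shows the balance post #22 describes: it passes the flash crowd, catches the five concentrated sources, and passes the distributed flood as well, because each bot looks exactly like one more visitor.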

  23. #23
    Join Date: Jul 2005 | Location: In the Internets | Posts: 3,622
    If you're not willing to spend over $1000/month, don't bother with this.

    Thank you.

  24. #24
    Join Date: Jul 2005 | Location: In the Internets | Posts: 3,622
    Quote Originally Posted by MikeDVB View Post
    Sharon, I would advise you to get in touch with Cisco to inquire as to what one Cisco Guard unit costs. You will find very quickly that offering that sort of protection to an entire data center on a 24/7 basis is simply not feasible.

    Another issue is that many DDoS attacks simply look like a web site getting a huge amount of visits in a short amount of time. How would you like it if your site got listed on dig.com and began getting hundreds of visitors per second, and then suddenly all of those visitors were blocked because the traffic looked suspicious?

    There is a delicate balance between protecting your services and blocking legitimate traffic.
    You can get them used for 10k.


    http://shop.ebay.com/?_from=R40&_trk...All-Categories

  25. #25
    Join Date: Dec 2007 | Location: Indiana, USA | Posts: 16,087
    Quote Originally Posted by nerdie View Post
    Yeah, you can get them directly for $20k each refurbished or on eBay for less. The point I was trying to make is that they are expensive and to have enough to protect all connections at a DC at all times would not be a cost that would be feasible.

  26. #26
    Join Date
    Aug 2008
    Location
    San Francisco
    Posts
    2,410
    Quote Originally Posted by MikeDVB View Post
    Sharon, I would advise you to get in touch with Cisco to inquire as to what one Cisco Guard unit costs. You will find very quickly that offering that sort of protection to an entire data center on a 24/7 basis is simply not feasible.

    Another issue is that many DDoS attacks simply look like a web site getting a huge amount of visits in a short amount of time. How would you like it if your site got listed on dig.com and began getting hundreds of visitors per second and then suddenly all of those visitors were blocked because the traffic looked suspicious.

    There is a delicate balance between protecting your services and blocking legitimate traffic.
    Sharon, try thinking of a Cisco Guard as a brand new BMW or Lexus. http://www.consumerdepot.com/productstd.asp?id=10214892. You will regret your thoughts of "sharing the cost".

  27. #27
    Join Date
    Jun 2006
    Location
    NYC
    Posts
    1,446
    Cisco Guard is really not that great for the cost. We've seen better luck with Intruguard devices or OpenBSD configurations.
    FiberPeer.Com | | REAL DDoS Protection | Cloud Hosting | VPS | Dedicated Servers | High Bandwidth Hosting | 1Gbps-10Gbps Unmetered
    FiberPeer DDoS Mitigation | ethProxy Upgraded! | 14-Years Experience | Emergency 24/7 Support
    Visit us @ www.fiberpeer.com

  28. #28
    Quote Originally Posted by serverorigin View Post
    Cisco Guard is really not that great for the cost. We've seen better luck with Intruguard devices or OpenBSD configurations.
    Looks like IntruGuard is actually a data center usage product. Am I right? Do you know of any data centers using it for their reseller host accounts? That might be a way to go if those resellers use it to protect shared or VPS hosting accounts.

  29. #29
    Quote Originally Posted by MikeDVB View Post
    Yeah, you can get them directly for $20k each refurbished or on eBay for less. The point I was trying to make is that they are expensive and to have enough to protect all connections at a DC at all times would not be a cost that would be feasible.
    Would the data centers have to use a separate unit for each server drive, or rack of drives, or ????

  30. #30
    Honestly, I just have an inclination that since the DDOSers seem to be going for long periods of time without getting caught, it will happen much more often. While reading about the government attack in early July, I could see that even well known internet security companies are strongly disagreeing on where that attack originated.

    If a criminal element can operate 'under the radar', it may become the tool of choice for extorting money and any number of things. The more they get away with it, the more emboldened they will become. The easier it is for one, or more, the more attractive it will become for others that may follow in their footsteps.

    I am trying to put my thinking cap on about how this could be resolved in the future, if this happens (and I totally expect it to happen). Cost may seem exorbitant right now, but may actually become a necessity for any data center or hosting company, in the near future. Ignoring it will not make it go away. There has got to be some mechanism where the cost of these protective devices and software can be spread out and shared.
    Last edited by lanesharon; 08-04-2009 at 12:59 AM.

  31. #31
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,087
    Most of these attacks are centered around command and control centers - if you take out the C&C then the bots don't get commands from anywhere. Of course an organization that does this for their living is likely going to have a fall-back plan or another C&C center to bring online.

    I guess it wouldn't be such a problem either if everybody ran up to date software and virus scanners were better than they are.

  32. #32
    Join Date
    Aug 2008
    Posts
    176
    Quote Originally Posted by MikeDVB View Post
    Most of these attacks are centered around command and control centers - if you take out the C&C then the bots don't get commands from anywhere. Of course an organization that does this for their living is likely going to have a fall-back plan or another C&C center to bring online.

    I guess it wouldn't be such a problem either if everybody ran up to date software and virus scanners were better than they are.
    And people actually knew how to manage a VPS or server.

    I don't know how many times I've seen people on WHT get an unmanaged service and have no knowledge of how to manage their environment.

    People need to be willing to pay for it too.

  33. #33
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,087
    I have seen Virtual Private Servers and Dedicated Servers turned into Command & Control servers as well. It's unfortunate really.
