DDOS Mitigation

Discussion in 'Hosting Advice' started by ToxicProfessor, Mar 14, 2016.

  1. What are your opinions on: http://inabate.com/services.html

    Also some questions:
    How much bandwidth should I get from them.
    What are the public IPS?
    How many do I need?
    How much per 1TB can it handle an attack?
     
  2. MikeA

    MikeA Retired Moderator
    Retired Benefactor

    It's mitigation, not migration. Also if you want to save money get one of the OVH Game servers, $79 and I haven't had any attacks take down game servers behind them. I have dozens of them, so I can say it works well despite other people denying.
     
  3. Sorry on my phone auto correct, I currently run the server you just stated, but wouldn't more protection be best since its OVH?
     
  4. MikeA

    MikeA Retired Moderator
    Retired Benefactor

    I'm not sure what you mean. If you're talking about adding GRE tunnels or something across multiple networks, that's just a bad idea in my opinion since you're adding multiple points of failure, but some people love it. I don't personally.
     
  5. Well what's your best thing to do, I know your an expert ;)
     
  6. MikeA

    MikeA Retired Moderator
    Retired Benefactor

    I would never consider myself an expert, I just know my experience with OVH's game mitigation has been very good, so I was recommending you to use it if you weren't already.
     
  7. joehot200

    Supporter

    My experience with OVH's mitigation, and the hosting company in general (claiming 5Mbps of outgoing traffic was a "DDoS attack" and suspending the server), has been extremely poor. Although I would not recommend OVH in general, DDoS protection is definitely something I would not recommend them for, as many attacks can easily go through their protection, especially for more complex attacks.
     
  8. JamesJ

    Supporter

    Depends if you're already being attacked, if you are, I'd suggest moving to a DDoS protected host (i.e OVH, Psychz, etc).

    Otherwise, you could look into ProxyPipe (https://proxypipe.com/).
     
  9. joehot200

    Supporter

    Still not sure why nobody has suggested Intreppid or ReliableSite yet. Intreppid has the best DDoS protection (No packet loss or false kicks), and ReliableSite with 5x 10Gbps protection is almost impossible to be taken down if round-robin'd.
     
  10. JamesJ

    Supporter

    lol, funny.

    Intreppid, owned by Staminus.
    http://gizmodo.com/hackers-broke-into-a-security-company-and-stole-the-kkk-1764343816
    http://arstechnica.com/security/201...s-leave-tips-when-running-a-security-company/
    Huh, that's interesting?

    The fact that Staminus' mitigation is pretty poor, once you get to any sort of serious size you start getting false positives (source: large server owner whom is protected by Staminus - they hate it).

    ReliableSite, you can't RR 5 IPs if they all go to the same machine directly (that's not how that works..). And 50Gbps is possible to take down, more than possible (500Gbps, 400Gbps, 602Gbps, 400Gbps, Christ's sake I've seen MC servers get hit with 200Gbps). The only service which I would say is impossible to take down is VeriSign, that's the only company I would label as "impossible to takedown".

    I've always avoided ReliableSite since a few of my/our (who I used to work for) dedis were getting 70% packet loss, and they refused to give SLA as it was an "upstream issue" and out of their control..
     
    • Like Like x 2
    • Agree Agree x 2
  11. @joehot200 As matter of fact, you were included in the breach last week. How you can vouch for a company with such poor internal security is surprising. [​IMG]
     
    • Informative Informative x 1
  12. MikeA

    MikeA Retired Moderator
    Retired Benefactor

    Never had that problem here, sucks for you I guess.
     
  13. joehot200

    Supporter

    So what? Why do I care if I had my email leaked? Oh eek, hackers got my email, gotta hate my host now.


    Back when I used to have 70+ players online, Intreppid was the best protection I ever had. OVH's was forever letting DDoS traffic through and taking me down, and everybody else I tried had either issues with packet loss or letting attacks through.

    Why do I care about a hack? Sure, they goofed and got hacked, but that's happened all the time. I don't see you talking bad about OVH, and yet they're there too:
    [​IMG]

    And again, why do I care? All that happened was my email got leaked and some annoying person sent me an email. Not a big deal.


    Yes, but consider that 5 x 10Gbps is a hard nut to crack for your regular idiot. Not only do you need to attack multiple IP addresses at once (which I will point out that a lot of average attackers do not have the ability to do), but it's also quite a large amount, especially considering that you're getting it for free with the server. Tell me another host that gives you 50Gbps of protection along with a dedicated server for just $59/month. I'm waiting. And don't say OVH, as their protection is terrible.

    Of course, bigger servers should buy more mitigation, but for smaller servers, it is quite sufficient.

    And yes, you can RR 5 IPs if they go to the same server. That is how it works, and I am doing it right now.
     
  14. PhanaticD

    Patron

    I have used
    OVH, intreppid, and round robin reliablesite

    each host for months at a time

    and I can say with confidence OVH is the way to go by a long shot
     
    • Like Like x 1
  15. I was getting ddos'd non stop on my old hosts, Changed to OVH and haven't had a problem since. Sometimes i look in my email to see automated emails saying I've been ddos'd and we don't event realize its happened.
    Love OVH so far
     
  16. JamesJ

    Supporter

    Yes, you can RR IPs, of course you can, however if you get hit, it wont do anything extra for you. That's not how the mitigation works.
    The protection is cumulative, it nulls at 10Gbps going through your router/interface, not through one IP.
    You're not getting 50Gbps of protection, you're getting 10.
    You have 50Gbps of nulling capacity, not mitigation capacity.

    By that logic, when I got a /29 from Psychz, and my server had 40Gbps of DDoS mitigation, I had 1280Gbps (32*40) of DDoS protection? No.

    https://www.whatsmydns.net/#A/endcraft.net
    All I have to do is hit off one of your IPs, and your subnet is null routed.

    One host that gives out good protection is Psychz, you can get 40Gbps DDoS protection for free (not 10Gbps on your IPs, 40Gbps protection), and you can upgrade to 100Gbps...

    And what the fuck.. What the actual fuck.. Never have I heard such stupidity in a line.
    "So what if they got hacked".
    I am lost for words.
    Why wouldn't you care if they were hacked?
    Your email, your password, your banking/paypal details, IP addresses, server root logins, all of that information, now easily accessible.

    Please look at the photo that was posted, he blanked out your hashed password. Chances are, Staminus were probably using some shit hashing algorithm too, wouldn't surprise me if they were using md5 for hashing passwords.

    I am honestly lost for words...

    And 70 players wasn't the sort of "large" numbers I was talking about, I was talking about in the thousands, the tens of thousands..
     
    #16 JamesJ, Mar 14, 2016
    Last edited: Mar 14, 2016
  17. RSNET-Radic

    Supporter

    You're referring to the network wide packet loss that Comcast had? Of course we can't give you SLA for their congestion. This has long been resolved as we have been working toward setting up alternate paths when that happens (as their techs are completely clueless...). If you previously had service with us, I'll be more than glad to offer you a free month to show you that the network performs far better than our competition. In addition, we'll pretty much beat anyone's prices (as long as they are a registered entity and have been around for a while).

    We now offer up to 100 Gbps of DDoS protection. Less than 0.01% of the attacks that we see exceed 50 Gbps. We have seen some large attacks, but those botnets flurry out pretty quickly nowadays.
     
  18. JamesJ

    Supporter

    I'm not sure what the actual issue was in the end, I just remember that you had severe packet loss and then when we asked for SLA, you (your staff) claimed it as "upstream issues" hence we couldn't get any SLA credit. We were down for like 9 hours because of it.

    And I appreciate the offer, however I'm no longer worked for that business so I can't really say yes/no.