Comments
@PHP_Friends: if you no longer support Path, you might want to remove the option "PATH.NET - DDoS-Mitigation + DDoS-Manager" from your dedicated servers.
yea, we are working on a new site for php-friends.de
Hopefully soon also with the new servers
Who are Path.net, what do (did?) they do, and what are the implications of these suspensions on the rest of the internet?
It's going to be interesting reading about this once the dust settles. Where did they go wrong? Was it bad management, bad money management, bad investments?
First 2 as highlighted in the first discussion linked in the OP.
If you're interested in collaborating, we have our own in-house DPDK eBPF filtering system that's pretty robust. We've built it out over the years but don't have a ton of bandwidth capacity for it to be super useful for any large(er) attacks.
On what services is that solution active?
we can offer it for dedicated servers only right now
Fair enough. Is there any ETA for VPS/Rootservers? Because I wouldn't mind switching from my PATH host back to German quality hosting.
write me please
Kinda new to LowEndTalk I have no clue where I can message someone tbh
DPDK and eBPF, how does that work?
Either click on the username and then on "Message", or in this case you could (I think) also contact them at [email protected].
Thanks
Memes for the people.
@LeeField please kindly update Path's peeringdb to latest & active IXes only
Send me some details, sounds cool.
Lee = Zigi
Not sure if he still works in path.net, but certainly not after posting that stuff on the first page xD
DPDK is used to process / forward the traffic. Rules are modular and can be written in eBPF or C (for more advanced rules) with PPS thresholds. When a PPS threshold for a certain rule is hit, it activates and traffic matching the rule will be blocked, until it falls below the threshold (when the attack subsides). We were able to hit full line rate on 80Gbps on a single E3-1240 v3 when we stress tested it a while back.
Sounds finicky to deal with; we do it with maps programmed through a userspace Go-based control plane, logic being applied on demand. 400G per filter on Ryzen Threadripper 32-Core or some EPYC 🔥
Works fine for us, we've been running on this same box for years with no issues. The ruleset we have blocks 95% of attacks we see, and we just add rules as needed for more niche stuff. If we had more capacity we'd definitely upgrade the hardware.
Is your system not 'rule' based? Most attacks are blocked by our rules that just do generic checks for 'improper' traffic.
We do a mix of static logic matches combined with deep packet inspection and challenge response. Customers can create rules (flexrules) through the customer area, which are then spread across currently eleven global filters using an event-based design. That means under a second from a click on the frontend to rule deployment. In our case, customers can basically define any kind of rule, matching source IP address space, prefix lists, GeoIP details and things like payload at a certain byte offset, while applying various action methods such as whitelist with ratelimit, whitelist with ratelimit per client and so on. I think it's kinda complex what we run nowadays.
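The rule behaviour described in the two comments above (a PPS threshold arms a rule, traffic matching it is dropped until the per-second rate falls back below the threshold, and rules can match either header fields or a byte pattern at a payload offset) is shown here as an added plain-C simulation. It is not PHP-Friends' or Path's code and uses no DPDK or eBPF; the packet struct, rule names, thresholds, the marker bytes and the traffic pattern are all constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WINDOW_US 1000000ULL   /* PPS is counted over one-second windows */

/* Constructed toy packet: only the fields the sample rules inspect. */
struct pkt {
    uint64_t ts_us;          /* arrival time in microseconds */
    uint8_t  proto;          /* 6 = TCP, 17 = UDP */
    uint16_t dst_port;
    uint16_t len;            /* total length on the wire */
    const uint8_t *payload;
    size_t payload_len;
};

typedef bool (*match_fn)(const struct pkt *);

/* A rule is a match function plus the PPS threshold that arms it. */
struct rule {
    const char *name;
    match_fn match;
    uint32_t pps_threshold;
    /* runtime state */
    uint64_t window_start_us;
    uint32_t window_count;   /* matches seen in the current window */
    bool active;             /* armed: matching packets are dropped */
    uint64_t dropped;
};

/* Header-only check: tiny UDP packets, a common flood shape. */
static bool match_small_udp(const struct pkt *p) {
    return p->proto == 17 && p->len < 64;
}

/* Payload-offset check with a hypothetical signature: UDP to port 9999 whose
   payload starts with the constructed marker bytes 0xFE 0xED. */
static bool match_payload_marker(const struct pkt *p) {
    return p->proto == 17 && p->dst_port == 9999 && p->payload_len >= 2 &&
           p->payload[0] == 0xFE && p->payload[1] == 0xED;
}

/* Close out finished one-second windows. A completed window below the
   threshold, or a fully idle window, disarms the rule. */
static void rule_roll_window(struct rule *r, uint64_t now_us) {
    uint64_t elapsed = now_us - r->window_start_us;
    if (elapsed < WINDOW_US) return;
    if (r->window_count < r->pps_threshold || elapsed >= 2 * WINDOW_US)
        r->active = false;
    r->window_count = 0;
    r->window_start_us = now_us - (elapsed % WINDOW_US);
}

/* Returns true if some rule drops the packet. Matches are counted even while
   a rule is active, so it disarms only once the rate actually subsides. */
bool filter_packet(struct rule *rules, size_t nrules, const struct pkt *p) {
    for (size_t i = 0; i < nrules; i++) {
        struct rule *r = &rules[i];
        rule_roll_window(r, p->ts_us);
        if (!r->match(p)) continue;
        if (++r->window_count >= r->pps_threshold) r->active = true;
        if (r->active) { r->dropped++; return true; }
    }
    return false;
}

/* Constructed traffic: small UDP packets that cross the 5 pps threshold in
   second 1, tail off in second 2 and stop in second 3, plus unrelated TCP
   and a marker-payload stream that stays below its own threshold. */
size_t simulate(void) {
    struct rule rules[] = {
        { .name = "small-udp-flood", .match = match_small_udp,      .pps_threshold = 5 },
        { .name = "marker-payload",  .match = match_payload_marker, .pps_threshold = 3 },
    };
    size_t nrules = sizeof rules / sizeof rules[0];
    static const uint8_t marker[] = { 0xFE, 0xED, 0x00 };
    struct pkt udp = { .proto = 17, .dst_port = 53,   .len = 40 };
    struct pkt tcp = { .proto = 6,  .dst_port = 443,  .len = 1200 };
    struct pkt mrk = { .proto = 17, .dst_port = 9999, .len = 300,
                       .payload = marker, .payload_len = sizeof marker };
    size_t dropped = 0;
    int per_second[] = { 3, 8, 2, 1 };   /* small UDP packets in each second */
    for (int s = 0; s < 4; s++) {
        for (int i = 0; i < per_second[s]; i++) {
            udp.ts_us = (uint64_t)s * WINDOW_US + (uint64_t)i * 1000;
            if (filter_packet(rules, nrules, &udp)) dropped++;
        }
        tcp.ts_us = (uint64_t)s * WINDOW_US + 500000;
        if (filter_packet(rules, nrules, &tcp)) dropped++;
        for (int i = 0; i < 2; i++) {    /* 2 pps: under the marker rule's 3 */
            mrk.ts_us = (uint64_t)s * WINDOW_US + 600000 + (uint64_t)i * 1000;
            if (filter_packet(rules, nrules, &mrk)) dropped++;
        }
    }
    for (size_t i = 0; i < nrules; i++)
        printf("%-16s dropped=%llu active=%d\n", rules[i].name,
               (unsigned long long)rules[i].dropped, (int)rules[i].active);
    return dropped;   /* 6: 4 in second 1 once armed, 2 in second 2 while still armed */
}

int main(void) {
    printf("total dropped: %zu\n", simulate());
    return 0;
}
```

The per-window count keeps running while a rule is armed; that is what lets the rule release on its own when the attack subsides instead of needing an operator to clear it, which is the behaviour the first comment describes. A production filter would additionally key counters per destination or per source prefix so one customer's burst cannot arm a rule for everyone behind the filter.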
I don't think there's any one right way to do it.
Null route = DDOS problem solved
Solves the attacker's problem and creates a new one for the customer
Writing filters manually sounds definitively wrong nowadays.
Without a doubt, but without doing a deep dive, this is all just assumptions.
Relying on defining filters is definitively wrong. Writing filters to deal with 90% of the stuff out there generated by basic scripts? Sure, go nuts.
Assisting the attacker by taking down the services they are attacking entirely is essentially just amplifying their attack, since they're targeting specific services not a data center. It's understandable that hosts need to protect their network and prevent attacks from impacting unrelated customers if they have no actual mitigation capabilities, but you can't call it a solution.