X4B Announces 100G Anycast based protection - Page 2

Comments

  • SplitIce Member, Host Rep
    edited December 2014

    @nexmark said:
    OVH is thus capable of mitigating up to 480 Gbps, 24/7**

    I am not going to keep comparing to hosts. My opinion regarding OVH is fairly well known. Given that I could probably name 2-3 attack types that go right through VAC based on my own experiences, I don't hold them in high esteem. There is a good reason we classify their protection as "Unlimited Basic Shared Protection" and only offer it as part of multihomed offerings (i.e. there is a fallback).

    People still get upset when we have to nullroute them ("it's unlimited") because an attack goes right through VAC (permanently routed + pro). Of course we will write a firewall filter if possible, but usually it's not (instead protocol drop / nullroute).

    Pretty much the points relating to Voxility's network level IPS apply here as well. It's network level protection, and even more so it's free (i.e. can't complain when it doesn't work).

    Note: Before anyone asks, yes, their issues have been reported to their support. No, they don't care; the ticket was auto-closed after about one month.

    Now can we please get back on track :)

  • linuxthefish Member
    edited December 2014

    Thanks for the comparison, I've had some horrid SYN attacks that OVH and online.net pro can't stop :(

    Voxility manages to stop the flood, however I have UDP things also so it's not much use. Money is no issue...

  • SplitIce Member, Host Rep

    @linuxthefish - I am pretty sure I know the attack pattern you are talking about. It's available on a fairly large stresser and goes right through VAC. We maintain accounts just to produce patterns (and then rules). Sounds like Voxility has got a bit better since we tested them, since we also had some issues with SYN floods being blocked but not allowing clean traffic through (too broad a rule).

    I am pretty sure I know the pattern OVH uses to match SYN attacks (it's a common & simple pattern of attack) and it doesn't match 100% of SYN attacks as some scripts are a bit better than average. I could be wrong though, it's a black box and I can only poke it from the outside to see how it behaves.

    Fortunately it is not possible for us to work in locations where the network mitigation lets attacks through, it would be detrimental to all our clients on the server.

    Although the servers are extremely hardened, they have their limits. We work very hard to ensure we have the best software possible (e.g. custom iptables modules, specific kernel versions, custom patched network drivers, passive fingerprinting based filtering & pf_ring w/ libzero where available).

    And why we only work with the best :)

  • drazilox Member
    edited December 2014

    Kinda offtopic but, what happened to the CDN :( ?

  • SplitIce Member, Host Rep
    edited December 2014

    @drazilox Most of its code got used to build the multihomed server offering. Unfortunately there are already too many large players charging some pretty crazy prices. Plus, I think it's better to focus on what we do best (DDoS Protection).

  • AnthonySmith Member, Patron Provider

    Ouch, the EU prices hurt! :p love the service though, thumbs up!

    Might put it on an LES service at some point.

  • SplitIce Member, Host Rep

    @AnthonySmith

    Yeah, sorry. Hardware & bandwidth are just much more expensive in EU. We have long term plans to hopefully reduce prices in the future (6-12 mo). More subscribers = Cheaper prices for all. NL 4TB has dropped by $25/mo in the past 12 mo, and 8TB plans are now available (previously we didn't even give 8TB plan costs!)

    I can usually do coupons in NL for multiple services if required, nothing too crazy but everything helps. Especially on high bandwidth plans.

  • I would be happy to receive a coupon.

  • SplitIce Member, Host Rep

    @Cryck then happy you will be. :)

  • Would really like to see a coupon for the JavaPipe ro protection again. All the Voxility resellers have packet loss all the time.

  • SplitIce Member, Host Rep
    edited December 2014

    @tr1cky

    Sorry that 40% coupon on release week last year was so very far below cost (I guess that's what you were referring to). We achieved sufficient fill on that network for now. Not looking to discount them currently.

    By the way, it's not JavaPipe's Protection offerings - we are a different company. We just have a share of the Riorey Cluster. Their offers are entirely different to ours :)

    FYI Voxility did have a Global (or at least I was informed that it wasn't just the Bucharest DC) outage a few days ago, and a 5-10 minute latency increase today that was across all services. Some kind of major routing mess up.

    Incident 1:

    Incident 2:

    For the most part over the past year though they have been fairly good. But we aren't using their protection :)

  • tr1cky Member
    edited December 2014

    I'm referring to such providers as blazingfast.io who can't even keep their nodes stable.
    Looks like this: https://nodeping.com/reports/summary/02dxp2u3-fqds-4ryb-8dce-etoxnw462p26/744

    I don't think that all these incidents are caused by voxility.

  • SplitIce Member, Host Rep

    @tr1cky this is going a bit off-topic again so I shot you a PM.

  • netomx Moderator, Veteran

    image wheeeeeeeeeeeeeeeeeeeee

  • Zare Member, Host Rep

    @SplitIce said:
    linuxthefish

    Ok this got a bit long....

    TL;DR
    Voxility = network protection

    X4B = everything protection

    It's a bit like comparing apples with oranges. Voxility provide network level mitigation, we provide the full service (network / server / service / layer7-HTTP). We work on the level of providing consumer ready services, i.e. we take care of it all. That means all Layer7, all small attacks, we mitigate everything for all protocols (we hope). If we didn't, other customers on the same server would be at risk too.
    i.e. for one we can mitigate UDP floods (something that Voxility can not)

    We use Voxility for our DDoS protection in Telehouse North, London, they provide anycast protection for up to 600Gbps DDoS attacks (Nothing will likely ever be that high).

    As for UDP floods, they do protect against this, we have not seen a single type of DDoS get through their filters and hit our network.

    As our fibre from our data centre in Bristol is sub 3ms and Voxility has a PoP where our router is, we get a 1-3ms ping increase, which is nothing for the size of protection we gain.

    We also NEVER null route, with Voxility, there is never a need to do that.

  • SplitIce said: @nexmark Yes Sharktech is the Network Provider.

    We have a unique relationship with Sharktech for our offers (don't confuse this with their offers).

    what exactly is custom about buying a few anycasted IPs from Sharktech?
    http://www.webhostingtalk.com/showthread.php?t=1435364&highlight=Sharktech

  • Can it fix this? :(

    Dec 15 06:25:07 sd-28347 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="2202" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
    Dec 15 06:25:07 sd-28347 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="2202" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
    Dec 15 06:50:21 sd-28347 kernel: [51546.420279] TCP: Possible SYN flooding on port 6970. Sending cookies. Check SNMP counters.
    Dec 15 23:01:55 sd-28347 kernel: [109693.348258] device lo entered promiscuous mode
    Dec 15 23:01:55 sd-28347 kernel: [109693.348292] device eth1 entered promiscuous mode
    Dec 15 23:01:55 sd-28347 kernel: [109693.348322] device eth0 entered promiscuous mode
    Dec 15 23:01:55 sd-28347 kernel: [109693.348351] device tun0 entered promiscuous mode
    Dec 15 23:06:58 sd-28347 kernel: [109995.348926] bnx2 0000:02:00.0: eth0: NIC Copper Link is Up, 1000 Mbps full duplex, receive & transmit flow control ON
    Dec 15 23:19:06 sd-28347 kernel: [110721.565896] device tun0 left promiscuous mode
    Dec 15 23:19:06 sd-28347 kernel: [110721.565899] device eth0 left promiscuous mode
    Dec 15 23:19:06 sd-28347 kernel: [110721.565905] device eth1 left promiscuous mode
    Dec 15 23:19:06 sd-28347 kernel: [110721.565906] device lo left promiscuous mode
    Dec 15 23:35:22 sd-28347 kernel: [111695.533176] Oversized IP packet from 195.20.195.41.
    Dec 15 23:37:14 sd-28347 kernel: [111807.219331] Oversized IP packet from 195.182.159.142.
    Dec 15 23:37:30 sd-28347 kernel: [111823.377797] Oversized IP packet from 195.91.140.22.
    Dec 15 23:37:30 sd-28347 kernel: [111823.402083] Oversized IP packet from 195.91.140.19.
    Dec 15 23:37:30 sd-28347 kernel: [111823.415319] Oversized IP packet from 195.91.140.162.
    Dec 15 23:44:34 sd-28347 kernel: [112245.985089] bnx2 0000:02:00.0: eth0: NIC Copper Link is Up, 1000 Mbps full duplex, receive & transmit flow control ON
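
A way to triage a kernel log like the one posted above, as an added example that is not part of the original thread: it counts SYN-cookie warnings per port, oversized-packet sources, promiscuous-mode changes and link events, with the uptime span of each. The sample lines are constructed in the same format; the hostname `host1` and the RFC 5737 addresses are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the post's syslog format (hostname and RFC 5737 IPs are made up).
SAMPLE = """\
Dec 15 06:50:21 host1 kernel: [51546.420279] TCP: Possible SYN flooding on port 6970. Sending cookies. Check SNMP counters.
Dec 15 23:01:55 host1 kernel: [109693.348292] device eth1 entered promiscuous mode
Dec 15 23:35:22 host1 kernel: [111695.533176] Oversized IP packet from 192.0.2.41.
Dec 15 23:37:30 host1 kernel: [111823.377797] Oversized IP packet from 198.51.100.22.
Dec 15 23:37:30 host1 kernel: [111823.402083] Oversized IP packet from 198.51.100.19.
Dec 15 23:44:34 host1 kernel: [112245.985089] bnx2 0000:02:00.0: eth0: NIC Copper Link is Up, 1000 Mbps full duplex
"""

KERNEL = re.compile(r"kernel: \[\s*(?P<up>\d+\.\d+)\] (?P<msg>.*)$")
RULES = {
    "syn_flood": re.compile(r"Possible SYN flooding on port (?P<key>\d+)"),
    "oversized": re.compile(r"Oversized IP packet from (?P<key>\d+\.\d+\.\d+\.\d+)"),
    "promisc": re.compile(r"device (?P<key>\S+) (?:entered|left) promiscuous mode"),
    "link_up": re.compile(r"(?P<key>\S+): NIC Copper Link is Up"),
}

def triage(text):
    """Return {event: {"keys": Counter, "first": uptime_s, "last": uptime_s}}."""
    out = defaultdict(lambda: {"keys": Counter(), "first": None, "last": None})
    for line in text.splitlines():
        m = KERNEL.search(line)
        if not m:
            continue  # not a kernel message (e.g. rsyslogd housekeeping)
        up = float(m["up"])
        for name, rx in RULES.items():
            hit = rx.search(m["msg"])
            if hit:
                ev = out[name]
                ev["keys"][hit["key"]] += 1
                ev["first"] = up if ev["first"] is None else ev["first"]
                ev["last"] = up
                break
    return dict(out)

def oversized_by_prefix(report, octets=3):
    """Group oversized-packet sources by leading octets (default /24)."""
    c = Counter()
    for ip, n in report.get("oversized", {}).get("keys", {}).items():
        c[".".join(ip.split(".")[:octets])] += n
    return c

if __name__ == "__main__":
    for name, ev in triage(SAMPLE).items():
        print(name, dict(ev["keys"]), ev["first"], ev["last"])
```

Sources that cluster under one prefix in `oversized_by_prefix` are candidates for a single upstream filter rule rather than per-address entries.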

  • wanted to know if there would be a way to get a bundle deal looking at starting a small cdn.

  • SplitIce Member, Host Rep
    edited December 2014

    apollo15 said: what exactly is custom about buying a few anycasted IPs from Sharktech?

    We don't play in the same area, Sharktech provide network level mitigation. All those features listed including Layer7 mitigation, caching, in the case of Sharktech - the mitigation of floods <900mbps etc are our features.

    Additionally ours include always on mitigation, amongst other features designed to give a higher quality of mitigation. For our customers mitigation is the main priority and not a useful addon.

    @Zare - it's going off topic again. From our experience UDP floods resulted in overzealous filtering (clean traffic being dropped). We test all our locations extensively. Furthermore we have an official response from Voxility listing the locations where they have IPS filtering and UK was not on the list, nor do they offer 600Gbps - they advertise 500Gbps (Network Shared).

    @linuxthefish Yes - That looks to be plain old TCP saturation, easy. Given the lack of SYN flooding messages it's either against a non-open port (possible) or an attack vector with out of stream packets (e.g. TCP-NOFLAG).

  • SplitIce Member, Host Rep

    @wojons said:
    wanted to know if there would be a way to get a bundle deal looking at starting a small cdn.

    You may use the multihomed services as a bundle deal. Given the closest first is already implemented for it, it's probably a "small cdn", particularly if caching is enabled. This coupon however does not cover multihomed offerings.

  • @SplitIce said:
    You may use the multihomed services as a bundle deal. Given the closest first is already implemented for it, it's probably a "small cdn", particularly if caching is enabled. This coupon however does not cover multihomed offerings.

    Are there any coupons, discounts or pay as you go for multi-homed?

  • SplitIce Member, Host Rep

    @wojons Sorry. Multihomed services are only available on a monthly basis. Currently there are no discounts applicable for Multihomed services.

    Thanked by 1evpanov