Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


DDOS and real traffic
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

DDOS and real traffic

SaahibSaahib Host Rep, Veteran

Hi,

I have a website on dedicated box, however my provider keeps it nullrouting saying that its facing DDOS..

Here the message they sent last time:
Your IP address xxx.xxx.xxx.xxx is still currently in null route due to DDOS or huge traffic flow. It was about 68000 Pps 38 Mbps.

So it means I am receiving 68000 packets per seconds which cost total 38 mbps bandwidth.. right ?

What if its real traffic because currently site is seeing some promotion through various channel and this server comes with 100mbps port.

Looking it logs, all I see legit traffic (ofcourse can't go analyise many thousands of lines individually)

So, my provider is fuzzing me for real traffic as DDOS ?

Btw, suggest some good offline analyser for Apache logs.

Comments

  • Time to move hosts :)

  • SaahibSaahib Host Rep, Veteran

    So its just 38mbps traffic ..right ?

    Thanked by 1Stacy
  • Yea, sounds that way... I wouldn't be happy if I were you...

  • 68000 pps is nothing...

    Thanked by 1MisterHost_NET
  • MaouniqueMaounique Host Rep, Veteran

    linuxthefish said: 68000 pps is nothing...

    For a DDoS. It is still DDoS, because I dont know any legit app (only pay-tv card sharing apps come close and those are illegal) which needs 68k pps, especially not a website. He is probably attacked by some kid with a home connection or a low-end VPS.
    For an 100 mbps port is not small, 1 Gbps port servers choke on 200 mbps and 200k pps, packet loss starts to appear and no provider will be happy about that. Besides, DDoSes grow if you do not null the IP, the kid will probably go for a "professional" service and create issues with the DC and the carriers. If you have a troublemaker and you dont offer protection or he is unwilling to buy it, you need to send him elsewhere where he can be protected for free, such as to OVH.

    Thanked by 1DeletedUser
  • You should move to hardware ddos protected server.

  • gbshousegbshouse Member, Host Rep

    M - mega, m - mili. If it's megabit per sec. then use Mbps

  • MaouniqueMaounique Host Rep, Veteran

    If anyone here is considering doing their calculations in milibits/s, then I am in the wrong forum :P

    Thanked by 1Pwner
  • gbshousegbshouse Member, Host Rep

    Mili sounds right for low end stuff ;)

  • What's your provider if you don't mind sharing?

  • century1stopcentury1stop Member
    edited January 2015

    lankapartnerhost said: You should move to hardware ddos protected server.

    need not make such a drastic move, proxy or tunnel to a DDoS protected network will work too... ;)

    milli bits per second service still exists? I'll probably need to get a nice cup of tea while waiting for a webpage to load...

  • MaouniqueMaounique Host Rep, Veteran

    century1stop said: I'll probably need to get a nice cup of tea while waiting for a webpage to load...

    You will probably finish a multicourse big meal for an average page today even with ad-blocking software...

  • @Maounique said:

    haha but my cup of tea lasts an hour or so....... :)

  • BuyAdsBuyAds Member
    edited January 2015

    I hope you are not with tunkeyinternet! They charge for every ddos attack $200+

  • @BuyAds : wow ! I did not know that !

Sign In or Register to comment.