New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Dark_Soul,
I get where you are coming from :P You probably wouldn't see that from big names that are like corporations and what not....but you should come hang in the IRC like I am doing.
Great group of guys there and they are a bit rowdy/untamed but they seem to know their stuff.
They managed to push me towards them :P
ONE OF US
ONE OF US
ONE OF US
Francisco
Maybe lol I am still a bit meh about the fact of the openvz on managed
I couldn't buy a managed kVM lol
I have been with BuyVM since mid-2013 and currently have a VPS in each of their location. 2 Thumbs Up!
Finally upgrading my PayPal account to verified status because my order was rejected earlier
lol that is amazing
edit: on another note, how do you pronounce c'boas?
Exactly how it's written. Honestly, I rarely say his last name and usually just go by "Ald"
Francisco
https://translate.google.com/#fr/en/C'boas ?
Try https://translate.google.com/#ru/en/C'boas
A bit off-topic, but out of interest:
Do most of these matter from the perspective of someone renting a dedi?
I think the main benefit of dedis over VPSes, in regards to performance is consistency (and no virtualisation overheads). But bursting can be useful - kinda depends on what you prefer I suppose.
Of course they do, you want it run smoothly? Want it to be accessible if something goes wrong?
If you look at the recent GVH/Hostress issues where Nodes were wiped it was mentioned that IPMI was not secured properly.
Fully understanding what you don't have to do with a VPS vs What you must do and may need to on a Dedi is key. Many just don't know.
Which sounds like the fault of the host, not the client ("you"). In which case, you're boned regardless of whether you get a dedi or a VPS.
What I meant that, given that you trust your host (which you somewhat need to, otherwise why would you lease from them in the first place?), do any of the points raised really matter?
with the DDOS protected IP's does the control panel provide any details of the attacks you are being hit with?
No. I believe this is a limitation of feedback from Voxility.
How does ddos protection work with a dedi server? Does it basically just increase the limit of inbound data? What's the catch? They'll still null route you if it's severe right? (How many MB/s for how long) would be a null route from a DC with Vox?
Only allow access from internal network or specific IPs (can firewall it in router). If you're selling dedicated servers, do like OVH does and enable IPMI access for a limited time to the customer IP only.
Port speed remains the same. Under normal circumstances data is passed directly to your server. In the event of an attack, traffic is re-routed by mitigation kit that "scrubs" the traffic, i.e. inspects it with the aim of only passing good traffic onto your server.
Take a look at the OVH explanation here, they're probably better at explaining it than I.
Yes, the mitigation service has a limit. This could be an arbitrary limit set by your host, or a limitation of the systems being used for mitigation.
Can and will vary from host to host.
Sweet, thanks for the explanation. The thing I'm worried about is, I can get an average of around 4.5 MB/s just from using LOIC from my home router to a VPS IP. (Not much, but when I did my iptable testing on a 75 cent vps, it got suspended the next day which was expected). But it just seems like, anyone could really... just do some udp flooding and boom, you're offline. The MAX MB/s must be a lot more than 5 MB/s I am assuming for a Vox protected IP (obviously a higher limit if you spend higher cash?) If that IS NOT the case it just seems stupid to even buy a dedi with ddos protection. Rather just push it through a gre tunnel I'm assuming.
Especially all these shitty 'stress' tester sites that offer $4.99 a month for 'packages' that can do a lot more flooding than my shitty router. One person could use it and boom, my dedi server would be down and they would only had to of spent $5 to do it. Just seems unfair there has to be a better way. I'm thinking GRE tunneling through BuyVM.
Around 300Gbit to be exact.
Really? Lol holy shit.
IS that per second, or accumulative over xx of time?
Those stress test websites (for example loader.io) need verification before sending any loads out, you have to create a file and insert a random code into it on your webserver for the service to verify you actually own the website(s) and then you can run tests.
I've seen nullroutes at Voxility happening at 50gbit/s but usually you won't get nullrouted if an attack isn't bigger than 100gbit/s.
It depends on what kind of attack it is and how hard it is to filter, how many ressources it needs to filter.
Furthermore it varies from provider to provider, with zare you can get nullrouted for 10gbit/s if some of the attack traffic leaks through.
The provider should have a decent bandwidth pool and should be able to tank 40-50gbit of traffic themselves.
That is their total (thus "shared") filtering capacity - They advertise 800Gbit+, BuyVM tanked 100G+ and i've seen 250G UDP myself. Their idle load seems currently to be at around 60-130G (Graphs are in the panel) so currently available protection capacity should be between 150 and 600Gbit.
We've seen Voxility handle 130Gbit+ for some customers in Las Vegas.
While Voxility markets it at 700gbit+, we don't since it'd be untruthful. Whenever we see them handle a 150gbit on our behalf i'll increase the details on the site
He's not talking about loadimpact or 'legit' stressers. He's talking about the hackforums 'stressers' which are normally an attack site behind cloudflare (because they will get ddos otherwise) and then ecatel spoofing boxes for attacking.
It's a sad state because a 12 year old with $5 in his pocket can force a project/website/company to spend thousands on DDOS protection.
Francisco
Indeed the cost of launching a DDOS is several orders of magnitude cheaper than the cost of defending against one and it's only going to get worse as the speed/availability of connections increase along side the number of IOT devices (many with Sod all security) get added to the network.
I guess when IPv6 rolls out we're see how many vendors bothered with the firewall in their consumer routers/cpe.