New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Confused by this question. I'll try to help out a bit. HTTP typically uses TCP port 80, obviously. This allows for a handshake and more reliable connection. UDP would be a bit too unstable of a protocol to use with HTTP, simply because we need to ensure the data gets there and is reliable. Other services like VoIP, can use UDP, simply because we need a faster connection with the only draw back of the voice possibly breaking up.
So to summarize -
TCP = More reliable for data that we need to make sure is readable
UDP = Less reliable, but a faster connection for services like streaming, VOIP, etc.
Keep in mind, you cannot compare HTTP to TCP/UDP, they are just not the same. HTTP is a layer7 application protocol, TCP is a layer2 protocol.
Consider me misinformed here, but HTTP is over TCP.
So there is some baseline of filtering available regardless of the Layer.
Layer 7 is just application layer, while Layer 2 is data link layer.
At Layer 2 TCP we should still be able to see traffic and influx of nutty requests. Is the issue that just not enough granularity at that level or what?
Makes sense in those terms per se.
So everyone needing to protect web services needs DDoS with Layer 7 protection then.
Basically, the sooner you can filter the "bad" traffic out of you network, the better. Layer2 filtration would be ideal because you can filter all of the Layer2 protocols, obviously. Layer7 filtering would be iptables kind of. Like how you drop x.x.x.x on port 80.
Yes, AFTER the TCP has been scrubbed, we can look at the payload of the remaining packets.
If they are HTTP, can see what they mean and if we detect a certain pattern, stop them.
After a stopped packet, automatically ban the IP and move on.
After a while, only the legit traffic should pass, but that is really hard these days when ppl can employ smart bots that can generate "legit-looking" requests to a web server, you need a lot of rules and auto-learning to deal with that, a really well constructed DDoS on L7 is almost impossible to stop, especially since the web server doesnt need many hundreds of requests per second to drop unless you have a monster or distributed load.
@KernelSanders Sorry, the question wasnt for you, was for the ppl ofering the service, at first glance the ticket answers might indicate someone who doesnt have a clue, maybe was something lost in the language, wanted to get a more elaborate answer see if they know the trade.
Not a problem, just trying to help shed some light
I'd think Layer 7 filtering would be the end user job. Can't envision an upstream provider touching on Layer 7, but possible with advanced pre-made solutions I suspect.
Only easy way to trim DDoS on Layer 7 is pattern recognition based on prior training/knowledge of traffic.
I don't toil on these there levels, but obviously anyone doing anything real needs to get up to speed and employ both layers in their solutions or be offline quickly.
Yes, but that is not easy unless the bot is dumb sending the same request all the time or just a few recorded ones.
Someone who knows what they are doing might construct specific bots for specific sites requesting some of their most popular pages, loaded with database queries, locally generated graphs/images, that will be hard if not impossible to filter out if the bot does not ask those too fast and not always the same, like a recorded macro from a visitor multiplied with tens thousands of bots under their control.
Eventually the filters will learn and the request cannot come too fast either as they will blow their cover meaning the net should be large indeed, but it will be a hard battle even for the best hardware solutions out there.
When the DDoS reaches 2500 IPs you drop the protection ?
2500 limit is in place to prevent high traffic usage from every client, we dont drop the protection if it reaches over 2500 people wont be able to establish a new session until another one is dropped.
Currently speaking to our provider about a long term contract for expansions, so we can implement our HTTP reverse proxy for $10 per month this would include no limit apart from a fair share policy. looking into doing a WAF Platform/ Graphs/ Zone Editing / Varnish Cache, including fail over dns. Not completely sure what our future plans are relating to this service, we can implement most of the features on Friday.
@Zen are you a VPS provider? Or do you just have some spare resources on your servers? Thanks
Hi,
since we offer cloud VPS'es hosted on a DDoS protected network, I thought I might jump in this discussion. Incloudibly.com offer scalable, instantly deployed virtual cloud servers with free ddos protection up to 10 Gb/s (4 Mpps). Based on our statistics, this level of protection is enough to mitigate against 90% of attacks that our network received so far.
Should any questions arise, I'm here to answer them.
@incloudibly I'm curious about colocation, are you ok with setting up GRE tunnels to protect our own IPs
Any promos for us Low End People...? ;-)
Looks like the only cheap way to deal with Incloudibly is via a $72+ month cloud solution.
DoS outright protection is per domain and $152/mo.
@Jacob No, we do not allow GRE tunnels. Colocation prices are totally negotiable, it depends on what you actually need. Contact our Live reps for a quote.
@incloudibly Why do you not allow tunnels, I don't really see how it matters.
@pubcrawler The cheapest cloud server config that we currently offer is 66.00 USD worth https://incloudibly.com/en/cart/add/19
Oh, did I mention discounts on long term orders? Cheapest config ~$51.48 at a 22% discount for a 12-month order.
@Jacob GRE tunnels are not allowed on free protection plans, however, you can set up a GRE tunnel on an Enterprise DDoS protection package.
@incloudibly how much is enterprise protection?
@Jacob Not cheap, but extremely efficient 2310.00 USD/mo. https://incloudibly.com/en/ddos-protection
Decent price to pay to keep the script kiddies away
@KernelSanders free DDoS protection that we offer keeps script kiddies miles away
Enterprise level protection is a proprietary high-grade solution that can protect you from those attackers who 'mean it'. This price also includes hours of our engineers' work to fine tune filters and create custom protection scripts.
Sounds like a great deal to me, I'll have to check out the free edition, because I probably won't need anywhere near the enterprise filtering, thanks!
Dont you only have a single RioRey RS (4mpps/10GE, i'm sure i walked by it at Colozüri) on a single 10GE Cogent port? I remember seeing horrible, horrible routes to you from the EU (US wasn't that bad).
Might want to drop in a 10G HE port as well or a 10G link to DECIX/AMSIX.
@William Nope. We are a multi-homed ISP, you can find more information on our network on the website. DDoS protection service that we provide is mostly proprietary developed by our employees and it is capable of mitigating attacks that peak far beyond 4 Mpps limit. BTW, it's not Riorey based.
Just as a update to Everyone on LowendTalk.
We now offer Protection Against HTTP - Layer7 Floods, it is also possible now for GRETunnels and Proxying Servers to be run on our VPS Products.
Could I know the Price Range and order page?
@JoelHall it seems your account has been disabled in WHT. what's wrong?
@GaNi
Here is a link to our HTTP Proxy Packages - http://secure.izserv.com/cart.php?gid=2
@Mon5t3r
We are still in talks as to why our account was disabled.
How ever we are still going to provide as good as quality of service as we have always tried to do.. regardless of our account Status on WHT.
@Jack
We do not resell products for anyone else. so please gets your facts straight before you attempt to accuse IZServ of reselling other peoples products.
We have servers from the following providers, Hosteam & CNServers
@Jack
Did we ever say that we own all the network / ddos mitigation devices ?
We have servers from the following providers, Hosteam & CNServers