New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Alright UK providers, time to draw up some strict legal documents, print up lists of your clients and any websites or services that you can tell they run from looking on the outside. Now get together in a large meeting room and compare notes.
@jarland: I want in on this. I hear they have great crumpets in the UK
If memory serves me right, one of the side effects of the dot com boom was a large migration of lemon dealers from used car lots to the web hosting industry in the late 90's. :P
script kiddies generally don't have the resources available to mount the type of large sustained attacks that have hit some UK providers.
...and then there are people who are too lazy to read the TOS of providers and post a million "do you allow IRC" questions
Haven't actually commented on this yet...
But I wanted to say good luck to Crystal. Crystal has been a big help to me before, so good luck and I hope it goes well for you ;-)
The heck is a crumpet? Bunch of hippie communist foreigner... sorry troll mode switch is stuck on today.
Seriously though, need to sign some non-disclosure agreements and get together in person to compare notes face to face. If it's this serious and it's not letting up, it's worth some plane tickets.
lol
Nope, NL is worse and always has been, none are bad though, UK is actually the least attacked.
If no one is going to say this I will, these attacks are obviously some child (mentality wise) host who has managed to spend some time gathering up a mass of open resolvers and knows how to run an amplification attack, the DC's are just doing an armature job of dealing with it.
Given that all the serious lengthy attacks have been on OpenVZ hosts who are in the UK and very vocal in here about them I honestly think you can narrow it down to around 5 suspects and no doubt they are taking part in these discussions deflecting attention.
I would ask that everyone stops with the UK DDOS threads and communicates privately if at all or sets up some scripts as I have to do a full network capture of all traffic for 10 - 15 minutes once 5+ pings are dropped from the gateway.
If you want to send me your pcap formatted captures afterwards for analysis I am happy to go through them but please stop making this whole thing so public it is only going to put a smile on the face of the responsible person and will not achieve anything that a few select PM's can do without all the drama.
Agreed
+1 @jarland.
The note comparing time for these providers is overdue.
Attack vectors, signatures of the attacks, geographic relationships or concentrations, overlaps, etc.
At pace this is going with the attacks, isn't going to be any LEB style offers out of these two facilities.
I have spoken with David from UKServers a few times, i asked for a quote tonight and he straight up refused us service
Must be bad for a provider to be turning someone away!
Removed.
I don't think many uk providers have very big networks. bw is really expensive and i have not seen a single provider in uk selling ddos protection services, which is common in other countries
@superpilesos,
Rapidswitch is the main Maidenhead center folks are making offers out of, right?
See:
http://www.rapidswitch.com/services-shield.aspx
RapidShield Security
Shield your data from malicious attack
Realtime protection for your platform - get a RapidShield security solution
The internet is a 24x7 platform providing the opportunity to communicate with, market to, inform and educate others. As reliance upon the internet increases, so does the threat to businesses and users. Our RapidShield security protects offer round the clock protection against malicious attack.
In order to achieve PCI-DSS compliance customers will need to invest in reliable, approved tools that can lock down and protect systems from vulnerabilities and known threats. Advice is available to ensure your platform achieves compliance and stays that way.
Looks like that datacenter offers DDoS services. Unsure about the size, scope and price though.
Cisco ASA is not DDoS mitigation, and the DDoS mitigation they list is 'award winning software'
I am pretty sure they all have the ability to provide the service it's the cost that prevents it, I know of one provider that got a quote from 2 DC's and was in the £x,xxx per year.
^ true @superpilesos.
I'd expect true protection to ban upstairs on the other side of the router though, before transit. That's been my issue with these facilities and their methods.
That said, I am sure there are options in the UK to do what Awknet, Black Lotus, etc. do here in the States. Costs? Ehh, shopping is a little harder and the services aren't highly known here.
@W1V_Lee, so £1000-9999 per year? That's reasonable at face value, but depends on throughput.
Awknet public pricing:
nterprise Proxy
100TB Clean Traffic
Blocks All DDoS
10GE+ Flood Filtering
4Gbps TCP Capacity
Unlimited Inbound
Unlimited Websites
$999+/mo
Awknet and blcc both go down entirely if they receive enough traffic,i wouldn't use them
except you would have to have around 170 servers per node just to cover the ddos protection of course if you want to offer services here
@pubcrawler it was closer to £5k a year, which I agree is not unreasonable but we are talking LET hosts here, whom for the most part won't/can't afford that. Right or wrong, sympathise or not that is the bottom line.
And if the prices go up because they offer it people complain it's not competitive, so from a provider point of you can understand not having it.
But as we know anyway, Rapidswitch is a location of choice for providers due to it's low pricing, but equally the lack of protection leaves them wide open, RS don't care and to be honest neither should they, it's really not their problem until you pay them whatever they are asking to make it their problem.
Never seen that pricing from any provider in the UK that doesn't send the traffic to the US first.
@superpilesos, anything goes down when threshold met. Question is, how big is that, what can you pay for and is the method adequate to endure such stupid attacks?
Time to start cracking down on DDoS and similar attacks with heavy time in prison.
But have you seen a serious DDoS attack come from someone in USA? I never have. They are in countries where it doesn't matter if the US starts cracking down with heavy time in prison
£5k a year = 400 a month..
If a provider had actual DDoS service it would be a differentiator. Reason to charge more, offer as uptick. Again see BuyVM.
Agree though @W1V_Lee.
Seems like the LEB providers buying on price alone are getting a taste of the same medicine end VPS buyer buying on price alone have been choking on for years
Also, it is incredibly difficult to prove who is behind such an attack
True.
The US isn't the world. However, I see no barrier to international regulation, treaties and cooperation. These attacks negatively impact targets in all countries. They are a hazard to everyone.
Be it tinfoil hatish, but how long before one of these attacks focuses on something that offlines nuclear, oil refinery, satellite or other costly and perhaps destructive things and cause loss of life? Potential certainly exists.
Agree. That is what is masterful about the attacks. But no man exists as an island, in a bubble. The trails and prints are all over the place.
It would be more than that for multiple servers/ranges and that is on top of your other costs, and then they just throw you a 15 - 20gbit attack anyway and your screwed.
You cant win, well you can, but you need some laws or an elite team of ninja rabbits and a video camera.
@AnthonySmith, you are one of my favorites!
Scale is an issue. But having ability to deflect some level is many times better than no protection.