Comments
@MonsteR
if a Reverse proxy / GRE tunnel isn't effective then why is it still being offered?
did you ever consider the possibility that you might be wrong? wouldn't you rather try to learn more instead of being plain ignorant?
@MonsterR Prove them wrong if you are so sure... pretty easy according to you.
@Mark_R
I have said DNS based Protection where are you getting the GRE Tunnel from? This has nothing to do with this discussion.
I have shown everyone videos of security Analysts who are professionals in this industry and most likely know more than most of us, and you're still insisting that I am wrong? I have even more than enough proof to easily say DNS based ddos protection is in nearly all cases (with a working site) pointless. Watch the full video and you will know exactly what I mean.
And have you watched the video of the Security professional even Matt from cloudflare agreeing let me quote...
I already have, if people are too ignorant to look at the facts or even read the full post then...
I do not need to watch some random vid you keep referring to just to know what you say is bullshit.
I've been using reverse proxies for a long time now as cheap alternative to deal with ddos attacks on websites
it is 100% effective as long as the server it gathers its data from doesn't give away its real ip (proper configuration)
I'm really surprised about how stubborn you are, so many people tell you you are wrong yet you stamp your feet in the ground and keep going on spreading false facts, how can you even call yourself a ddos protected hosting provider when you don't even know about this?
anyways good luck, you'll really need it with this kind of attitude.
You didn't
No, we haven't.
Which means getting an IP of something behind CloudFlare is not inherently possible, as you implied earlier.
"Most" people would not be able to mount an attack large enough to trigger this behaviour, as I already pointed out. I already said this before, and it defeats your (implied) claim that "anybody can do it".
Sorry, what?
Which you keep repeating, but have yet to motivate.
You're speaking to somebody who has used CloudFlare since the early days, before the LulzSec marketing spectacle even happened, and who has received quite a few attacks, some of which were large enough to have CloudFlare disable proxying for my domain. I think I might have an idea what I'm talking about. Instead of constantly repeating "BUT IT'S INSECURE", you might want to consider addressing people's responses properly.
Okay, Nearly anyone can pay $10 for this. Anyway I guess we can agree to disagree as you were unable to agree as I generally side with Security Professionals in this Industry as opposed to unknown people on forums with no real credibility.
Also yeah, I use cloudflare too, I like their optimizations and I guess it may stop a few people from seeing the origin IP. I'm not saying it's worthless, I'm saying if someone wants to ddos you then it isn't the best solution for DDoS protection.
I don't think you are getting the point where you made a statement that something was very easy and have been called out to prove it. You've been offered $500 to provide some of your evidence.
I think at this point you've probably realised you were wrong and have a very small grasp of what you're talking about. You're now trying to fall back on generalisations and 'security professionals'.
I like what you did with the last paragraph in terms of deflecting things even further.
Okay so all you want is the origin IP right? I'll do it within the next day or so (When I have time, Really busy atm), And we can see if the $500 is real or not.
That's the spirit. Note that there are very specific methods you can use to capture that IP. I believe they are the ones you outlined were easy in one of your posts.
In other words, you know you're talking out of your ass, but you're unwilling to admit it. Right.
Oh, by the way, I just watched the video you linked, and just about every claim you made is a laughably wrong interpretation of what is actually said in the video.
I'm wondering who invented the term "DNS based ddos protection" or does this technique even exist?...
That's just some marketing bullshit, it doesn't even make any sense if you think about it.
It is marketing - but it is not totally false.
DNS is part of the job - and it is something no-tech people have - at least - a picture of.
You need access to the DNS records to point it to the right reverse proxy - or you need a dedicated ip.
It is not bad to have a DDoS proof DNS server either.
But it is not bullet proof if you do not know how it is working.
The server behind the proxy might do stupid things:
- bad rewrite rules
- bad cookie handling
- file upload
- bad sendmail config (no external smtp service)
- subdomains pointing to original ip (easy to forget)
- usage of SSL - yup the proxy needs the certs too - if it knows that SSL will be used
- php or js generating urls for dynamic resources
- ip still available in caches
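Added example, not part of the thread: a small audit a site owner can run over an export of their own zone to catch the DNS-visible items from the list above (forgotten subdomains, and mail records that resolve to the origin). The zone data, proxy range and origin address are constructed placeholders from the documentation ranges, and treating MX and SPF records as the DNS side of the mail item is an assumption of this example.

```python
import ipaddress

# Constructed sample data: documentation ranges stand in for real addresses.
PROXY_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # hypothetical proxy edge range
ORIGIN_IPS = {ipaddress.ip_address("203.0.113.10")}     # hypothetical origin server

ZONE = [  # (name, type, value): constructed zone export
    ("example.com.", "A", "198.51.100.7"),
    ("www.example.com.", "A", "198.51.100.7"),
    ("ftp.example.com.", "A", "203.0.113.10"),   # forgotten subdomain
    ("mail.example.com.", "A", "203.0.113.10"),  # mail served from the origin
    ("example.com.", "MX", "10 mail.example.com."),
    ("example.com.", "TXT", "v=spf1 ip4:203.0.113.10 -all"),
]

def audit_zone(zone, origin_ips, proxy_nets):
    """Return (name, type, reason) for every record that reveals an origin IP."""
    findings = []
    addrs = {}  # hostname -> addresses, so MX targets can be followed
    for name, rtype, value in zone:
        if rtype in ("A", "AAAA"):
            addrs.setdefault(name.lower(), []).append(ipaddress.ip_address(value))
    for name, rtype, value in zone:
        if rtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(value)
            if ip in origin_ips:
                findings.append((name, rtype, f"points directly at origin {ip}"))
            elif not any(ip in net for net in proxy_nets):
                findings.append((name, rtype, f"{ip} is outside the proxy ranges"))
        elif rtype == "MX":
            target = value.split()[-1].lower()
            for ip in addrs.get(target, []):
                if ip in origin_ips:
                    findings.append((name, rtype, f"mail host {target} is origin {ip}"))
        elif rtype == "TXT" and value.startswith("v=spf1"):
            for term in value.split()[1:]:
                mech = term.lstrip("+-~?")
                if mech.startswith(("ip4:", "ip6:")):
                    net = ipaddress.ip_network(mech[4:], strict=False)
                    if any(ip in net for ip in origin_ips):
                        findings.append((name, rtype, f"SPF term {term} lists the origin"))
    return findings

if __name__ == "__main__":
    for name, rtype, reason in audit_zone(ZONE, ORIGIN_IPS, PROXY_NETS):
        print(f"{name:20} {rtype:4} {reason}")
```

The other items on the list (rewrite rules, cookies, uploads, generated URLs, caches) do not show up in a zone export and need checks on the application and its responses instead.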
You could use a DNS that has a Round robin feature
multiple ip's for the same domain, if one IP gets DDoS'd Offline it will take one of the other IP's you added that is still Alive (redirecting all requests.)
But i still do not consider this a "DNS based ddos protection"
sure you can add a shitload of IP's to cover a domain but it's no way to go if you get flooded the whole time.
How about just using an IPv6-only server with IPv4 NAT & Cloudflare (or other reverse proxy with IPv6 support)? I don't think there is any way you can find the real IPv6 of such server. At most you can find the NAT IPv4 but attacking that one with DDOS won't do anything (or maybe disable outbound requests for the web service to other resources).