Good DDoS mitigation - Online.net
Would just like to say a massive public thank you to the guys at Online.net.
Their DDoS protection has been brilliant in the couple of times there has been a failed attempt at taking my servers off-line. This also stands as a recommendation for people who are looking for a good DDoS protected server. I have seen much higher (3x - 4x as much) attacks that have been mitigated well.
Here is a screenshot from earlier this afternoon
http://postimg.org/image/ibkm0bjcx/full/
2.5GB and 216890 PPS mitigated.
Thank you.
Comments
Is there still a way to get the 1.99 servers? Do those come back every now and then? Or was it a one time thing? It seems to be 5.99 now.
Is this the basic protection that comes with every Online.net server or...?
@Nomad, it is
Nice, since it said "basic" I thought it'd be much less. Now I can sleep better :P
Sadly, that offer is no longer available
And these have 500gb HDDs instead of the 160gb 1.99€ ones.
Only because the attacks are displayed on online.net's cp, it doesn't mean they are properly mitigated. Online.net's free protection is pretty bad.
I've seen bigger attacks that were mitigated and then smaller attacks that weren't mitigated at all, also there's packet loss involved usually:
Were those mitigated?
Sometimes, sometimes not. Sometimes they were mitigated but the server had packet loss for the next hours, sometimes the server wasn't reachable anymore.
@tr1cky I think they look for very abnormal changes in traffic, this afternoon I went from 360kbps to 700 meg inbound then boom Sevi kicked in and started kicking ass
On more than one occasion I've had their system detect an attack but not mitigate it.
@kcaj, I had the same, albeit it was an idiot who thought 14 meg a second could pull me down...
Isn't it SSHD?
Online.net SC Gen2 :
Storage
500 GB Hybrid + SSD
Yeah, that is SSHD. Do the 1.99€ ones have Hybrid + SSD?
No, it has 160GB HDD
DC2 or DC3? For some reason their protection thing in DC2 always seems to work, however DC3 one is a little iffy.
I only have servers with them in DC3.
actually it was most certainly mitigated, usually (not only) it's that you got a previous attack a few hours before, then the mitigation was already up when you got the second attack.
we need to work with the customers' console dev to improve the way we inform customers about mitigations, it's not actually pretty clear (one mitigation can spread over multiple attacks actually but we don't support that in the console display yet)
to be clear: if there is an alert in your console, it means it was mitigated by either Sevi/Arbor, we never let it go unmitigated (it's easy to check realtime by doing a traceroute, you'll see new hops on the way to your server)
Mik
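The traceroute check described in the post above can be scripted by diffing a quiet-period capture against one taken while the console shows an alert. This is an added example, not part of the thread and not Online.net tooling; the `traceroute -n` captures and all addresses are constructed, and `parse_hops` and `compare_paths` are hypothetical helper names.

```python
import re

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")        # "<ttl>  <replies...>"
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed `traceroute -n` captures (documentation address ranges only).
BASELINE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1  0.41 ms  0.39 ms  0.37 ms
 2  198.51.100.1  1.20 ms  1.18 ms  1.15 ms
 3  * * *
 4  203.0.113.10  2.30 ms  2.28 ms  2.26 ms
"""
DURING_ALERT = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1  0.40 ms  0.38 ms  0.36 ms
 2  198.51.100.1  1.22 ms  1.19 ms  1.17 ms
 3  198.51.100.77  3.90 ms  3.85 ms  3.81 ms
 4  198.51.100.78  4.40 ms  4.37 ms  4.31 ms
 5  * * *
 6  203.0.113.10  5.10 ms  5.02 ms  4.98 ms
"""

def parse_hops(output):
    """Return [(ttl, [responding IPs])]; a silent hop ('* * *') has no IPs."""
    hops = []
    for line in output.splitlines():
        m = HOP_LINE.match(line)
        if m:  # the "traceroute to ..." header does not start with a TTL
            ips = list(dict.fromkeys(IPV4.findall(m.group(2))))  # dedupe, keep order
            hops.append((int(m.group(1)), ips))
    return hops

def compare_paths(baseline, current, target):
    """Report hops that appear only in the current path toward `target`."""
    base, cur = parse_hops(baseline), parse_hops(current)
    known = {ip for _, ips in base for ip in ips}
    added = [(ttl, ip) for ttl, ips in cur for ip in ips if ip not in known]
    return {
        "added": added,                          # hops absent from the baseline
        "hop_delta": len(cur) - len(base),       # path got longer or shorter
        "reached": bool(cur) and target in cur[-1][1],  # server still answers
    }

if __name__ == "__main__":
    report = compare_paths(BASELINE, DURING_ALERT, "203.0.113.10")
    for ttl, ip in report["added"]:
        print(f"new hop at TTL {ttl}: {ip}")
    print("hop delta:", report["hop_delta"], "| target reached:", report["reached"])
```

New hops can also come from ordinary rerouting, so the diff is best read alongside the console alert rather than on its own.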
Let's be honest here. Even with the business level the protection is shite. I have used online for a production service in the past and you were horrid. Limited our BW to 10mbit until we bought more BW. Been some time now, hope you fix your shit.
@mikmak, so even towards the end of my attack yesterday, the status changed to "Not mitigated", does this actually mean that the mitigation has stopped, or is it just that the attack has stopped?
@TinyTunnel_Tom, I have to thoroughly disagree. I have been with Online since October and they are the best provider, and do everything that I can ask of them. I remember another thread on here that turned into Online bashing, and that was because the poster had abused their server (e.g. put 40tb through one of the €2 servers).
Thanks
Harry
For those considering the basic protection pretty bad, you need to consider a few points:
on detection side:
Classifying traffic patterns over all our customers is mostly an irrelevant idea. That's why we don't pretend (as some do) that you can have "one protection that will work for everyone", it's plain wrong, each customer has its own traffic patterns, and you just can't guess what your customer is doing with its servers. So yes, detection is clearly a "best effort/best matching for everyone" method.
on the cleaning side during mitigations:
in the end that's why we always advise people needing protection to actually use our more elevated offers, not just for the sake of selling stuff (well we need to pay people involved in this, but honestly, we don't make money out of it), but because it's the only real way to provide a completely adapted protection to your servers where we can adapt both the detection and the cleaning process to your business
We were not using 1.99 machines but more 59.99+ and there was about 5,6 of them.
@mikmak, so do you evaluate traffic per server and then just look for things that are abnormal? So for example, a server that normally has around 500kb inbound, then sits at 700 meg inbound sounds alarms?
right now, there is nowhere to see when the mitigation stops (there is a pretty complicated algorithm on the duration of mitigations), you only see when attacks stop on the customer console (but again, you can check with traceroute for the mitigations)
we don't stop mitigations immediately because the most "hurting" part of an attack is the first few packets that aren't mitigated (which usually bring servers to their knees), so instead of closing/starting a new mitigation we prefer to keep it up for a little while, protecting better against successive attacks.
I am sorry you had a bad experience, there is definitely no 10mb/s limitations on our protections, this more likely looks like a bad configuration on your mitigation profile.
Working on the mitigation takes time, experience and many exchanges with customers, our staff is learning every day from new attacks that pop up, new protocols, new game servers etc and as we are all humans, mistakes can also happen,
again I am sorry it could not be fixed by then
anti-ddos protection is a constant learning and evolutive matter,
just last Thursday, a new kind of attack was escalated to me from the business team who first identified it (for the curious, it was a GGP protocol based attack) and we applied new measures at different levels to protect from these, first attack came around noon, around 2pm we already got first countermeasures in place to help this customer (and the protection will apply to all customers now)
Mik
Not the protection you limited US on port.
well, I am curious to have your server number here ...
Mik
Will see if I can dig it out. Wasn't my account but I managed servers.
That sounds odd. Do you have anything to substantiate this claim?