New on LowEndTalk? Please Register and read our Community Rules.
Comments
Do you see anything leak?
During the attack, I am not able to reach the server. So I think the attack is leaking.
Which location are you in?
Server is in Gravelines.
Didn't mean to get where you are physically, but whatever :P
Being that it's their main DC, it's probably some dirty attack leaking.
Have you tried calling them/opening a ticket? They're happy to help you mitigate, because if the attack leaks, it'll affect the entire node.
For SYN? Well, it maxes out CPU on the VPS, not much harm done otherwise.
OVH don't claim to have L7 protection, last time I remember using them, right? Or is that me being stupid?
Is it due to the basic vs game DDoS protection difference?
I think it's a qbot botnet that uses residential IPs, from what I gathered from this. There are a shitload of bots (around 4k most of the time), with most of 'em being under 512kbps up, based on routers. Max 512-10240 packets per router. That means the packets are too small for OVH's firewall to read, most likely on the basic VAC series.
OVH support said that mitigation is automated and they don't intervene.
I suspect your own traffic is being mitigated rather than the attack leaking.
Other IPs in the VPS also went down during the attack. So I am sure the attack was leaking.
Maybe a Layer 7 flood - this will also generate a large number of TCP SYN/ACK/PUSH, depending on the type of attack.
Do you see an unusually high rate of HTTP/HTTPS requests?