DDOS mitigation solution discussion
This thread is specifically targeted at LEB providers that offer DDOS mitigation, and is meant to be an open discussion.
My question to you is, how are you offering DDOS mitigation? Did you roll your own solution, and if so, care to share any high level design or details? Did you purchase an appliance / set of appliances, and if so, how is it working for your customers? Are you tunneling your inbound traffic from a DDOS mitigation provider, and if so, which one, and how is it working for you? Are there any good sources for information that you referenced during your mitigation setup, and if so, care to share?
Luckily here at nDeviX, we rarely get hit with a DDOS, so this isn't something that we necessarily need on our network. I think the community might benefit from some knowledge sharing on the subject though, both for providers and end users, hence why I'm bringing it up.
Comments
I doubt anyone would share how exactly their services work.
On our side, we tunnel the traffic through another provider specializing in this kind of thing, and the rest of the filtering is done at server level, as our provider is not that good with TCP/HTTP filtering. Works well enough, at least at this point, especially when you consider the fact we charge $3 per filtered IP. Sometime at the end of the month I will roll out some major upgrades to this filtering, which are currently under closed beta testing.
None of the providers in the LEB area can afford to purchase a true DDoS mitigation appliance.
Also, saying you never get hit by DDoS will just provoke someone that would take it as a challenge to hit you off. You should always have a backup plan for such things.
@francisco and @KuJoe both offer DDoS mitigation services.
Tagged so they can (hopefully) offer insight, unless they have some secret sauce.
I'll share.
My question to you is, how are you offering DDOS mitigation?
I am partners with a few providers (and receiving appropriate deals) as well as dividing larger packages into smaller protection services. I deal with the client side facing service rather than the raw mitigation itself (which is done by the likes of CNServers, Voxility, JavaPipe, SharkTech etc.).
Our infrastructure is mostly custom, although we use various open source packages including:
Our backend infrastructure is event based (of course) and developed in a mix of C/C++ and C# (via Mono). The front-end is a very different beast (being PHP and MySQL).
All our nodes use Debian (Squeeze currently, although I am currently validating against Wheezy in our lab) and make heavy use of shell scripts and many supporting tools from the standard Linux toolchain.
On the hardware side, we use a mix of vendors (as the choice is upstream of us).
All of our services are in datacenter, except those that the provider is tunneling behind the scenes (e.g. Las Vegas / Oregon services). We have not purchased any software, although we may indirectly make use of some at our providers' discretion.
Lots of research was involved, although nothing particular springs to mind. Although a good background knowledge and a few intelligent people on the nginx mailing list who helped me debug my first module back in the day certainly helped.
In addition, the availability of affordable upstream providers, and good business partners.
If you have any questions feel free to ask them, and I will most likely respond providing they are appropriate.
We have been hit before several times, but not often enough to justify rolling an appliance (yet), but we can mitigate attacks via ACLs at our edge. I'd hope that the kids out there wouldn't hit us just to prove a point after me posting here, but if they do I suppose it proves my point about this type of thing becoming a bigger problem.
@SplitIce Thanks for sharing that info! That provides a great insight into what it may take for a custom solution to be deployed.