Hosting Providers, what do you do for DDoS?

Gods Member

So I'm making a budget to start a hosting company offering unique and hard to find locations.

One of my biggest concerns is DDoS. Most of the datacenters I'm looking into don't offer DDoS protection at all. So I'm looking for a service, like Voxility or Corero Cloud, that offers remote infrastructure DDoS protection.

I was wondering what other hosting providers do about this. I'm sure others are interested in this as well, as everyone has different solutions from colocation DDoS protection to paying a third party reseller for cheaper DDoS protection from a major network service.

So what do you use for your solution and what are some suggestions?

Please be serious as I'm sure someone will comment "Don't get DDoSed" or something along those lines.

Comments

  • jetchirag Member
    edited March 2018

    Don't get DDoSed

    Sorry, couldn't resist!

    Thanked by 2Gods cassa
  • deank Member, Troll

    Or pray to Gods?

    Thanked by 1FHR
  • nullroute china and russia.

  • Gods Member

    @sithrebel15 said:
    nullroute china and russia.

    How about I null route Africa, most of Europe and Asia. That should solve all 99% of DDoS attacks right?

  • hzr Member
    edited March 2018

    Gods said: How about I null route Africa, most of Europe and Asia. That should solve all 99% of DDoS attacks right?

    That actually does solve quite a lot. For example in the last major attack against OVH that Oles talked about, literally like 80% were Chinese ISPs and the rest were cheap dedicated server hosts or cheap VPS hosts.

    One setup I helped with in a small country with very weak connectivity (we're talking one city has ~1Gbps total international connectivity type of shit), we had the network entirely unrouted globally, and only privately routed to specific residential ISPs in the country. That way locals could all access at fast speed while attacks would go nowhere, since that space wasn't even reachable outside of the country.

  • Nomad Member

    Most of the attacks I got were from France, Latvia etc.
    Depends on who you pissed off and what kind of budget they have.

    If there is a possibility, you can tunnel all your traffic through Voxility but then again latency will be a bitch in those exotic locations...

    Also separating regular customers and high possibility targets is not a bad idea either...

  • Gods said: offering unique and hard to find locations

    Gods said: that offers remote infrastructure DDoS protection

    You realize these two don't work together, right? When you use remote DDoS protection, all your traffic is routed through the DDoS protection provider's network. Even if your servers are located in an exotic place like Pandora, your network will be routed through protection service's network points like Chicago.

    The only upside can be that your server content can be legal (or illegal) depending on your server locations. But in that case your customers will be less than stellar guys looking for illegal hosting or something like that.

  • Harambe Member, Host Rep

    Kinda ruins the point of exotic locations if you're tunneling in traffic from DDoS protected PoPs - unless they're reasonably close.

    An affordable option would be to set up a GRE tunnel from a protected host like @Francisco (using Voxility) - or maybe you can talk to him about a more custom solution.

    Could also do this with @Clouvider, OVH, etc - but again, not the best solution for 'exotic' spots due to latency. And exotic spots don't usually have the available bandwidth coming in to be able to tank a standard sized attack nowadays.

    Thanked by 1Clouvider
  • SplitIce Member, Host Rep

    You can always look into integrating routes via Anycast for regions and distribution links on all sides. If your exotic region is not a large component of DDoS attack. This is because often exotic regions have higher costs of transit (and hence remain exotic). Of course this is not the case, and it requires you to have a reasonable pipe to handle leakage on your end.

  • Francisco Top Host, Host Rep, Veteran

    I get DDOS'd because I talk shit about shithosts.

    Oh, what we do to deal with DDOS you mean. Voxility works well enough but is costly.

    Francisco

  • kms-hosting with their L7 filter or use OVH and set your IP to perm mitigation and only allow Cloudflare IPs through. Then captcha countries that have a lot of attacks coming from them or use a CF auto mitigation script. Captcha protection with good caching rules can stop many attacks.

  • Gods Member

    @AlexJones said:
    kms-hosting with their L7 filter or use OVH and set your IP to perm mitigation and only allow Cloudflare IPs through. Then captcha countries that have a lot of attacks coming from them or use a CF auto mitigation script. Captcha protection with good caching rules can stop many attacks.

    It's not for the website, it's for the virtualization server.

  • Gods Member
    edited March 2018

    @Harambe said:

    @Harzem said:

    So what I decided to do is to only reroute traffic when a DDoS attack is detected. This isn't the best setup in the world, there are issues to it, but for now the plan is to install FastNetMon on the Virtualization server and when an attack is detected, trigger a BGP reroute to a scrubbing service, currently looking at Corero or Psychz. When the attack is over, another BGP reroute will be triggered to remove the scrubbing center.

    This would solve the "latency" issue, but the issue would also be that installing FastNetMon to detect DDoS attacks on the server that is being DDoSed is a terrible idea. For optimal results, we should be installing it on the Router instead and detecting it before it reaches the server.

  • @Gods said:

    @Harambe said:

    @Harzem said:

    So what I decided to do is to only reroute traffic when a DDoS attack is detected. This isn't the best setup in the world, there are issues to it, but for now the plan is to install FastNetMon on the Virtualization server and when an attack is detected, trigger a BGP reroute to a scrubbing service, currently looking at Corero or Psychz. When the attack is over, another BGP reroute will be triggered to remove the scrubbing center.

    This would solve the "latency" issue, but the issue would also be that installing FastNetMon to detect DDoS attacks on the server that is being DDoSed is a terrible idea. For optimal results, we should be installing it on the Router instead and detecting it before it reaches the server.

    This fundamentally ruins the attraction of an exotic location by making it centralized in a nonexotic location, though.

    Reconsider if you want your unique selling point to be exotic locations or ddos protection, then optimize for that. Not both.

  • Gods Member

    @Crandolph said:

    This fundamentally ruins the attraction of an exotic location by making it centralized in a nonexotic location, though.

    Reconsider if you want your unique selling point to be exotic locations or ddos protection, then optimize for that. Not both.

    How does this ruin it? By doing this we can still offer DDoS protection for exotic locations. Latency is only added during DDoS attacks. This doesn't change the location of anything, and customers can choose to turn off DDoS protection if they wish to. That's just up to them. We'll just nullroute the traffic if it disturbs other customers.

  • Gods Member

    @Jack said:

    I'd recommend offering DDoS protection as an extra and have it enabled on certain subnets only, as Crandolph mentioned running it for everyone might turn people away & just do automated null-routing for DDoS's for people that don't want DDoS Protection.

    Yeah I think that is the best option indeed.

  • jackb Member, Host Rep
    edited March 2018

    @Gods said:

    @Harambe said:

    @Harzem said:

    So what I decided to do is to only reroute traffic when a DDoS attack is detected. This isn't the best setup in the world, there are issues to it, but for now the plan is to install FastNetMon on the Virtualization server and when an attack is detected, trigger a BGP reroute to a scrubbing service, currently looking at Corero or Psychz. When the attack is over, another BGP reroute will be triggered to remove the scrubbing center.

    This would solve the "latency" issue, but the issue would also be that installing FastNetMon to detect DDoS attacks on the server that is being DDoSed is a terrible idea. For optimal results, we should be installing it on the Router instead and detecting it before it reaches the server.

    You probably want to detect the attack away from the target - how will you trigger the reroute if the network on the HV is down?

  • AlexJones Member
    edited March 2018

    Generally no one recommends remote protection because in most cases it will increase latency. If you NEED to have remote protection it would be preferable if you listed where you will be hosting geographically because it would help to find close providers. X4b seems to be a good remote protection provider according to many reviews.

  • randvegeta Member, Host Rep

    Anyone have ddos protection in Asia / HK?

  • Gods Member
    edited March 2018

    @jackb said:

    You probably want to detect the attack away from the target - how will you trigger the reroute if the network on the HV is down?

    That's why it's not "optimal" like I said. But if the attack isn't big enough, upon first detection FastNetMon will be able to trigger a reroute.

    Another non-optimal way would be as a fallback, monitor all the IP addresses, and when one goes offline, check FastNetMon database and reroute. But then again, non-optimal.

  • Gods Member

    @randvegeta said:
    Anyone have ddos protection in Asia / HK?

    Alibaba offers DDoS protection on all their instances.

  • jackb Member, Host Rep
    edited March 2018

    @Gods said:

    That's why it's not "optimal" like I said. But if the attack isn't big enough, upon first detection FastNetMon will be able to trigger a reroute.

    Another non-optimal way would be as a fallback, monitor all the IP addresses, and when one goes offline, check FastNetMon database and reroute. But then again, non-optimal.

    I believe what some people do is port mirror a sample which gets around the problem.

  • randvegeta Member, Host Rep

    @Gods said:

    Alibaba offers DDoS protection on all their instances.

    I meant for network wide protection. Not individual VPS/Dedicated servers.

  • Gods Member

    @jackb said:

    I believe what some people do is port mirror a sample which gets around the problem.

    Can you elaborate on that?

  • jackb Member, Host Rep
    edited March 2018

    @Gods said:

    Can you elaborate on that?

    I've not done it myself so am not certain - but I believe you can set up a port mirror and run your fastnetmon on the mirrored port instead - allowing you to use various other techniques (possibly sampling) to prevent the fastnetmon box network going down - then using it to process the change despite the HV being down due to the ddos.

    As before though - I've never configured this myself or seen a configuration myself, just a technique I heard about and have no first hand experience of. Might be worth investigating but might also be a dead end.
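
An added sketch of the flow discussed in this thread (not code from any poster, and not FastNetMon's own logic): a detector fed per-second packet counts from a sampled port mirror diverts protected subnets to scrubbing, null-routes everyone else, and withdraws only after traffic stays quiet. The sample rate, thresholds, addresses and action names are all assumptions.

```python
from ipaddress import ip_address, ip_network

# All values below are assumptions for illustration, not FastNetMon defaults.
SAMPLE_RATE = 1000      # the mirror/sampler hands the detector 1 packet in 1000
PPS_ON = 100_000        # estimated packets/s at which an attack is declared
PPS_OFF = 20_000        # lower "all clear" level, so borderline traffic cannot flap
CLEAR_SECONDS = 3       # consecutive quiet seconds required before withdrawing
PROTECTED = [ip_network("198.51.100.0/25")]   # constructed: subnet sold with scrubbing


class Detector:
    """Runs on a box fed by the mirror port, not on the hypervisor under attack."""

    def __init__(self):
        self.quiet = {}     # attacked destination -> consecutive quiet seconds

    def _action(self, dst):
        # Paying subnets are diverted to the scrubbing provider, others null-routed.
        inside = any(ip_address(dst) in net for net in PROTECTED)
        return "divert" if inside else "blackhole"

    def tick(self, sampled):
        """sampled maps destination IP -> sampled packets seen in the last second."""
        out = []
        for dst, count in sampled.items():
            if dst not in self.quiet and count * SAMPLE_RATE >= PPS_ON:
                self.quiet[dst] = 0
                out.append(("announce", self._action(dst), dst))
        for dst in list(self.quiet):
            pps = sampled.get(dst, 0) * SAMPLE_RATE
            self.quiet[dst] = self.quiet[dst] + 1 if pps < PPS_OFF else 0
            if self.quiet[dst] >= CLEAR_SECONDS:
                del self.quiet[dst]
                out.append(("withdraw", self._action(dst), dst))
        return out


def replay(windows):
    """Feed one-second windows through a fresh detector; return timed decisions."""
    det, log = Detector(), []
    for second, sampled in enumerate(windows):
        log += [(second,) + decision for decision in det.tick(sampled)]
    return log


# Constructed sample input: sampled packet counts per destination, one dict per second.
WINDOWS = [
    {"198.51.100.10": 5, "203.0.113.7": 3},       # normal traffic
    {"198.51.100.10": 150, "203.0.113.7": 4},     # ~150k pps at a protected IP
    {"198.51.100.10": 180, "203.0.113.7": 300},   # an unprotected IP is hit as well
    {"198.51.100.10": 30, "203.0.113.7": 250},    # 30k pps: under ON, over OFF
    {"198.51.100.10": 4, "203.0.113.7": 250},
    {"198.51.100.10": 6},
    {"198.51.100.10": 5},
    {},
]

if __name__ == "__main__":
    for entry in replay(WINDOWS):
        print(entry)
```

Turning each decision into an actual BGP announcement or withdrawal depends on the scrubbing provider and upstream, so that step is left out.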

  • Gods Member

    @jackb said:
    I've not done it myself so am not certain - but I believe you can set up a port mirror and run your fastnetmon on the mirrored port instead - allowing you to use various other techniques (possibly sampling) to prevent the fastnetmon box network going down - then using it to process the change despite the HV being down due to the ddos.

    As before though - I've never configured this myself or seen a configuration myself, just a technique I heard about and have no first hand experience of. Might be worth investigating but might also be a dead end.

    Interesting, I'll look into it.

  • DewlanceVPS Member, Patron Provider

    By praying to DDoSers and asking for some mercy.

  • Gods Member

    @DewlanceVPS said:
    By praying to DDoSers and asking for some mercy.

    I'll just be like Hetzner and ask them politely to stop!
