New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Anti-DDOS, how to do?
It's been a busy weekend for me and the company where I work.
One of our clients received a DDOS attack in the 20 Gbps range.
We managed to mitigate something, but there were still several downtime periods.
I'm not responsible for this area, but I'm looking for a solution to this serious problem.
We are in Brazil and the options are few for this problem.
I ask for your help in remedying this.
Comments
You either need to pick up a DDoS protected transit/tunnel somewhere or get some big pipes and something like Corero to mitigate on your own.
In reality, given your location and bandwidth prices there it will likely make more sense to drop the Customer :-(
We are inside an ISP and the connection speed is not a problem.
I'll see more about the secure tunnel.
This is not something you want to try and do yourself.
If you have a large enough budget there are options for mitigation in Brazil in the form of protected transit. They aren't cheap though, particularly if you need to move large amounts of bandwidth or tackle Layer 7 attacks (since Layer 7 is typically not included with Transit solutions).
@Clouvider has covered everything pretty well. However you may have a third option, put the cost and responsibility on the customer. Give them a new IP (nullroute the old) and make them purchase DDoS mitigation from any number of the providers out there (e.g. us).
@SplitIce Need your opinion on my (probably very stupid) solution: spin up Cloud VMs - hourly billing and unmetered incoming. Heficed and Oracle Cloud, both are available in South America I believe.
@AC_Fan it's not the worst idea for a one-off. But it's far from sustainable. I've heard of people doing it with Vultr for example. And as a significant (over 100VMs) compute user there, it's quite annoying when it causes issues for us and those that do it regularly get the boot (judging by the number of noisy neighbor tickets we have resolved via neighbor suspensions).
Expect to be banned VERY quickly on any "unmetered" service in region. Also keep in mind that "unmetered" does not mean DDoS levels. If you are a noisy neighbour and take other customers offline / cause issues you will get dealt with quickly. Further it really depends on the nature of the attack, is this something you can ACL easily? Or is it complex?
Anyway at the end of the day bandwidth costs money especially in regions like that. No company is going to take Gbps for you for free. I'm not certain what the cheapest 20Gbps+ goes for in Brazil but I would be surprised if it was less than $3k per month. And that's before your mitigation hardware, switching, power, etc. No company is going to keep on a customer that is abusing terms to cost them money.
If you do go that way you will need loadbalancing (or MPLS via BGP but that has its own issues) to balance the traffic most likely. Make sure whatever company you go with has loadbalancers that can take that traffic (Gbps and PPS). Some sticky load balancers may also have a session limit.
Virtualization overheads will limit your PPS capacity significantly, you may need hundreds of VMs in order to achieve 20Gbps line speed (28.8Mpps). Budget some spare capacity too for larger attacks - and for your clean traffic.
It's rarely cheaper to do it yourself, unless you are at significant scale.