Any experience with NetCup anti ddos?

Hello there! I’ve seen netcup recently and I’m extremely impressed with their prices and amount of power they offer. However, as someone who gets DDoS attacks pretty often, I’d like to ask if anyone had experience with their DDoS protection? How fast can it detect an attack? Does it have any false positives? Do they nullroute users under large network attacks? Is it customizable through web interface?

Comments

  • Each incoming DDoS incident generated abuse report into their panel which required my manual answering. I didn't have time for that shit when hosting a TS3 server that was everyone's target.

    On top of that it takes at least up to 5 minutes to start filtering because they have some stupid priority system.

    You need Severity level to be set "High" before there is any effect in the mitigation.

    The "UDP" host alert signature severity rate configured for "netcup" has been exceeded for 3 minutes, changing Severity Level from medium to high  (expected rate: 250.00 Kpps, observed rate: 297.68 Kpps) (boundary: managed object)
    The "UDP" host alert signature severity rate configured for "netcup" has been exceeded, changing Severity Level from low to medium  (expected rate: 250.00 Kpps, observed rate: 310.40 Kpps) (boundary: managed object)
    The "UDP" host alert signature has been triggered at router "bbr02.anx25.fra.de". (expected rate: 100.00 Kpps, observed rate: 116.70 Kpps)
    The "RIPv1 Amplification" host alert signature has been triggered at router "bbr01.anx25.fra.de". (expected rate: 200.00 Mbps/30.00 Kpps, observed rate: 187.29 Mbps/51.34 Kpps)
    
    Thanked by 1 OpenSource
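
A parser for the four alert lines quoted in the post above, added here as an example; it is not part of the thread or of any netcup tooling. It assumes the post lists the newest alert first, and the field names in the returned dict are this example's own.

```python
import re

# Alert text copied from the post above, which appears to list the newest alert first.
ALERTS = [
    'The "UDP" host alert signature severity rate configured for "netcup" has been exceeded for 3 minutes, changing Severity Level from medium to high  (expected rate: 250.00 Kpps, observed rate: 297.68 Kpps) (boundary: managed object)',
    'The "UDP" host alert signature severity rate configured for "netcup" has been exceeded, changing Severity Level from low to medium  (expected rate: 250.00 Kpps, observed rate: 310.40 Kpps) (boundary: managed object)',
    'The "UDP" host alert signature has been triggered at router "bbr02.anx25.fra.de". (expected rate: 100.00 Kpps, observed rate: 116.70 Kpps)',
    'The "RIPv1 Amplification" host alert signature has been triggered at router "bbr01.anx25.fra.de". (expected rate: 200.00 Mbps/30.00 Kpps, observed rate: 187.29 Mbps/51.34 Kpps)',
]

SIGNATURE = re.compile(r'The "([^"]+)" host alert signature')
ROUTER = re.compile(r'triggered at router "([^"]+)"')
SEVERITY = re.compile(r'changing Severity Level from (\w+) to (\w+)')
SUSTAINED = re.compile(r'exceeded for (\d+) minutes')
RATES = re.compile(r'\(expected rate: ([^,]+), observed rate: ([^)]+)\)')
VALUE = re.compile(r'([\d.]+) ([KMG]?)(bps|pps)')
SCALE = {"": 1, "K": 1e3, "M": 1e6, "G": 1e9}


def parse_rates(text):
    """'200.00 Mbps/30.00 Kpps' -> {'bps': 200e6, 'pps': 30e3}."""
    return {unit: float(num) * SCALE[prefix] for num, prefix, unit in VALUE.findall(text)}


def parse_alert(line):
    """Return one alert as a dict, or None if the line is not in this format."""
    sig, rates = SIGNATURE.search(line), RATES.search(line)
    if not sig or not rates:
        return None
    expected, observed = parse_rates(rates.group(1)), parse_rates(rates.group(2))
    ratio = {u: round(observed[u] / expected[u], 2)
             for u in expected if u in observed and expected[u]}
    router, sev, held = ROUTER.search(line), SEVERITY.search(line), SUSTAINED.search(line)
    return {
        "signature": sig.group(1),
        "router": router.group(1) if router else None,
        "severity": sev.group(2) if sev else None,
        "sustained_min": int(held.group(1)) if held else None,
        "ratio": ratio,  # observed / expected, per unit
        # Units whose observed rate is above the configured threshold.
        "exceeded": sorted(u for u, r in ratio.items() if r > 1),
    }


def timeline(lines):
    """Parsed alerts, oldest first (reverses the newest-first order of the post)."""
    return [a for a in map(parse_alert, reversed(lines)) if a]
```

Run over the quoted lines, this shows the RIPv1 Amplification alert fired on packet rate alone (bandwidth was below its threshold), and that the step to "high" came at only about 1.19 times the 250 Kpps threshold after being held for 3 minutes.
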
  • @stefeman said:
    Each incoming DDoS incident generated abuse report into their panel which required my manual answering. I didn't have time for that shit when hosting a TS3 server that was everyone's target.

    On top of that it takes at least up to 5 minutes to start filtering because they have some stupid priority system.

    You need Severity level to be set "High" before there is any effect in the mitigation.

    The "UDP" host alert signature severity rate configured for "netcup" has been exceeded for 3 minutes, changing Severity Level from medium to high  (expected rate: 250.00 Kpps, observed rate: 297.68 Kpps) (boundary: managed object)
    The "UDP" host alert signature severity rate configured for "netcup" has been exceeded, changing Severity Level from low to medium  (expected rate: 250.00 Kpps, observed rate: 310.40 Kpps) (boundary: managed object)
    The "UDP" host alert signature has been triggered at router "bbr02.anx25.fra.de". (expected rate: 100.00 Kpps, observed rate: 116.70 Kpps)
    The "RIPv1 Amplification" host alert signature has been triggered at router "bbr01.anx25.fra.de". (expected rate: 200.00 Mbps/30.00 Kpps, observed rate: 187.29 Mbps/51.34 Kpps)
    

    Thanks for letting me know. That’s quite unfortunate. May I know a little more about those abuse reports you were receiving. What were you exactly reported for? Also, did setting high severity solve all your issues, or you continued to expect lags / ping spikes / downtime even after that?

  • stefeman Member
    edited October 18

    @OpenSource said:

    @stefeman said:
    Each incoming DDoS incident generated abuse report into their panel which required my manual answering. I didn't have time for that shit when hosting a TS3 server that was everyone's target.

    On top of that it takes at least up to 5 minutes to start filtering because they have some stupid priority system.

    You need Severity level to be set "High" before there is any effect in the mitigation.

    The "UDP" host alert signature severity rate configured for "netcup" has been exceeded for 3 minutes, changing Severity Level from medium to high  (expected rate: 250.00 Kpps, observed rate: 297.68 Kpps) (boundary: managed object)
    The "UDP" host alert signature severity rate configured for "netcup" has been exceeded, changing Severity Level from low to medium  (expected rate: 250.00 Kpps, observed rate: 310.40 Kpps) (boundary: managed object)
    The "UDP" host alert signature has been triggered at router "bbr02.anx25.fra.de". (expected rate: 100.00 Kpps, observed rate: 116.70 Kpps)
    The "RIPv1 Amplification" host alert signature has been triggered at router "bbr01.anx25.fra.de". (expected rate: 200.00 Mbps/30.00 Kpps, observed rate: 187.29 Mbps/51.34 Kpps)
    

    Thanks for letting me know. That’s quite unfortunate. May I know a little more about those abuse reports you were receiving. What were you exactly reported for? Also, did setting high severity solve all your issues, or you continued to expect lags / ping spikes / downtime even after that?

    It simply read "Incoming DDoS Attack" or something along those lines and required my explanation in some text field and warned that if I don't respond within x amount of hours the server will be suspended.

    I suppose answering "Incoming DDoS" to the text field would be enough, but I really couldn't bother with that stuff and the suspension threat got me annoyed cause I can't always check email every 24 hours, so I left.

    As for the mitigation, yes it worked, but it was hard to tell if it was due to the attack stopping by the time it reached "High" in Severity level. But yes, after 5 minutes there was no longer any downtime... until after 1 hour the mitigation got de-activated, when they attacked again.

    It is not customizable. You don't get to choose anything.

    You can't even request for a permanent mitigation.

    This was their answer to that question.

    They are cheap but highly inflexible when it comes to Anti-DDoS and Abuse.

    Thanked by 1 OpenSource
  • You can get a cheap server from OVH or another provider that provides better DDoS protection and then port forward to the NetCup server.

  • @stefeman said:

    @OpenSource said:

    @stefeman said:
    Each incoming DDoS incident generated abuse report into their panel which required my manual answering. I didn't have time for that shit when hosting a TS3 server that was everyone's target.

    On top of that it takes at least up to 5 minutes to start filtering because they have some stupid priority system.

    You need Severity level to be set "High" before there is any effect in the mitigation.

    The "UDP" host alert signature severity rate configured for "netcup" has been exceeded for 3 minutes, changing Severity Level from medium to high  (expected rate: 250.00 Kpps, observed rate: 297.68 Kpps) (boundary: managed object)
    The "UDP" host alert signature severity rate configured for "netcup" has been exceeded, changing Severity Level from low to medium  (expected rate: 250.00 Kpps, observed rate: 310.40 Kpps) (boundary: managed object)
    The "UDP" host alert signature has been triggered at router "bbr02.anx25.fra.de". (expected rate: 100.00 Kpps, observed rate: 116.70 Kpps)
    The "RIPv1 Amplification" host alert signature has been triggered at router "bbr01.anx25.fra.de". (expected rate: 200.00 Mbps/30.00 Kpps, observed rate: 187.29 Mbps/51.34 Kpps)
    

    Thanks for letting me know. That’s quite unfortunate. May I know a little more about those abuse reports you were receiving. What were you exactly reported for? Also, did setting high severity solve all your issues, or you continued to expect lags / ping spikes / downtime even after that?

    It simply read "Incoming DDoS Attack" or something along those lines and required my explanation in some text field and warned that if I don't respond within x amount of hours the server will be suspended.

    I suppose answering "Incoming DDoS" to the text field would be enough, but I really couldn't bother with that stuff and the suspension threat got me annoyed cause I can't always check email every 24 hours, so I left.

    As for the mitigation, yes it worked, but it was hard to tell if it was due to the attack stopping by the time it reached "High" in Severity level. But yes, after 5 minutes there was no longer any downtime... until after 1 hour the mitigation got de-activated, when they attacked again.

    It is not customizable. You don't get to choose anything.

    You can't even request for a permanent mitigation.

    This was their answer to that question.

    They are cheap but highly inflexible when it comes to Anti-DDoS and Abuse.

    Yes, indeed, it’s such a stupid system. If they have multiple severity levels it should always be set to high when mitigation is active as it’s not even permanently active but only when under attack. Additionally, not including possibility to enable permanent mitigation and not being able to select sensitivity levels is a huge dealbreaker for me. Thanks again for your time.
