Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Best DDoS protection for the money
New on LowEndTalk? Please Register and read our Community Rules.

Best DDoS protection for the money

In my experience I have never come across the need for DDoS protection and mostly considered it a curiosity big companies would face from hacking groups. After some reading recently I came across some information stating that DDoS was now something that was fairly easy to carry out by low skilled attackers and for some years now there have been services where you could pay to have a target DDoSed.

While this isn't exactly a major concern for me right now I am wondering what would be some ways to handle something like this without breaking the bank. Generally it's better to be reactive than proactive.

I would also be interested to know if this has ever happened to anyone, how long did it last how was the problem solved and any other basic information that you wish to share about the attack.

What are the LET members using and how much does it cost?

Comments

  • CConnerCConner Member, Provider

    We've had great results with Corero's DDoS protection. Especially on their new NTD1100 appliances. We've since started implementing it ourselves and the results have been great so far.

    Thanked by 1Actavus

    GameDash, an AIO solution uniting billing, support & game server management.
    Visit our website or join our Discord to find out more.

  • Are you a provider or customer?

    If you rent servers, you would want to use providers with antiddos systems ready.

    OVH (VAC/Smaug)
    NFOservers (Unknown, likely Arbor or Corero)
    Zare (Unknown, Juniper?)
    Clouvider (Corero + FlowSpec)

    If you are Colo provider, then buy expensive hardware and large upstream port.

  • CConnerCConner Member, Provider

    @stefeman said: Zare (Unknown, Juniper?)

    Corero + Juniper

    @stefeman said: NFOservers (Unknown, likely Arbor or Corero)

    Router based solution + FlowSpec. Inquired about their method a while ago

    Thanked by 1Zare

    GameDash, an AIO solution uniting billing, support & game server management.
    Visit our website or join our Discord to find out more.

  • I would say OVH's DDoS protection is still one of the best and most affordable. Our gaming community has receiving attacks for over 10 years. Without OVH it would not have survived.

  • MarcoooMarcooo Member, Provider

    The datacenter we use uses Huawei AntiDDoS 8000 series

    | TurboHost| turbohost.nl | DDoS Protected |

  • Akamai

    #!/Bashblog.net | Free Wordpress Hosting | If you can't idle, what's the point?

  • SplitIceSplitIce Member, Provider

    It isnt entirely clear whether you are after the best, or the cheapest. Since you mention that you arent currently under threat you may be best looking for the cheapest.

    You are correct attacks are very accessible. With many free and cheap stressers available attacks it doesnt take anyone with particular skills or resources to launch an attack and give you a bad day.

    The types of mitigation available at for cheap / included "free" with some dedicated server providers may help you if all you see is a small low-spec attack once in a blue moon (of course you will also need some technical know how for if/when this goes wrong). Although more and more stressers these days have particular attack methods targetting these (I'm not going to detail weaknesses, or provide stresser names - don't ask).

    Services where you pay directly to have a target attacked by an individual/group are generally high spec as they are launched by professional attackers. Those are the types you hope not to receive, as they will try all the methods in their arsenel until they find something that causes an effect - and keep it up for days, weeks, months (from experience) - as long as the client pays.

    If you are looking for something more expensive (and arguably better as they will provide you with an account manager and have substantially more human resources) companies like Akamai exist. Just be wary not to have a heart attack when paying the bill.

    X4B - DDoS Protection: Affordable Anycast DDoS mitigation with PoPs in Europe, Asia, North and South America.
    Latest Offer: Brazil Launch 2020 Offer
  • SplitIceSplitIce Member, Provider

    @trycatchthis said: Generally it's better to be reactive than proactive.

    And yes, it's definately better to be proactive. You don't want to be dealing with moving servers, or setting up remote protection during an incident at 3 am.

    X4B - DDoS Protection: Affordable Anycast DDoS mitigation with PoPs in Europe, Asia, North and South America.
    Latest Offer: Brazil Launch 2020 Offer
  • For these particular projects, I have providers that do not seem to explicitly offer DDoS protection so I was looking to see what 3rd party options are. These are VPS and not dedicated or co located so physical hardware is not necessary. But the information on how people handle it with physical hardware is good to know.

  • vcdnvcdn Member

    FastNetMon for detection + A reliable BGP scrubbing provider if you need to protect L4 services and you are a provider, for L7 only you could just rely on a CDN/WAF or cloud protection service

  • @vcdn said:
    FastNetMon for detection + A reliable BGP scrubbing provider if you need to protect L4 services and you are a provider, for L7 only you could just rely on a CDN/WAF or cloud protection service

    This seems to be catered towards the provider.

    Wouldn't a CDN have huge costs under a DDoS which has me nervous about using them. WAF wouldn't these be overwhelmed?

  • vcdnvcdn Member

    @trycatchthis
    Ah ok as an user you should rely on L7 protection, such as Cloudflare or many other services (some are very expensive and others are quite cheap)
    If you would like to try out a L7 protection feel free to contact me

  • emilioBemilioB Member

    @marvel said: Without OVH it would not have survived.

    man, you didn't get any serious attacks, ovh is sheet

  • DataIdeas-JoshDataIdeas-Josh Member, Provider
    edited April 21

    @trycatchthis as mentioned above. Corero is nice but very expensive and relies on you having a big pipe coming in in the first place.

    Give https://Path.net a look. Let them know that DataIdeas-Josh sent you. I highly recommend them.
    Just let them know what your looking for and they will be able to work with you. Great customer service!

    Edit: fixing autocorrect spelling.

    Alien Data: VPS and Colo Based In Texas, Unmetered Bandwidth.
    RPIServers: Dedicated Micro Servers - Micro Colo - Unmeterd Bandwidth

  • BinaryBinary Member, Provider

    @vcdn said:
    FastNetMon for detection + A reliable BGP scrubbing provider if you need to protect L4 services and you are a provider, for L7 only you could just rely on a CDN/WAF or cloud protection service

    FastNetMon only does simple bandwidth threshold "detection", and source-IP blackholing.
    Didn't hear much good about Path, but that might be worth a shot.

  • DataIdeas-JoshDataIdeas-Josh Member, Provider

    @Binary said:

    @vcdn said:
    FastNetMon for detection + A reliable BGP scrubbing provider if you need to protect L4 services and you are a provider, for L7 only you could just rely on a CDN/WAF or cloud protection service

    FastNetMon only does simple bandwidth threshold "detection", and source-IP blackholing.
    Didn't hear much good about Path, but that might be worth a shot.

    Give Path a shout and let them know DataIdeas-Josh sent you.

    Alien Data: VPS and Colo Based In Texas, Unmetered Bandwidth.
    RPIServers: Dedicated Micro Servers - Micro Colo - Unmeterd Bandwidth

  • ehhthingehhthing Member
    edited April 23

    You can use Cloudflare for web services, free unlimited L4 protection and some basic L7 protection as well.

    (Basic as in, lots of people have tried to attack it and some have succeeded, but either way you can implement some L7 attack protection on the webserver level since they're much easier to protect against than L4 attacks which require large upstream bandwidth)

  • @Binary said:

    @vcdn said:
    FastNetMon for detection + A reliable BGP scrubbing provider if you need to protect L4 services and you are a provider, for L7 only you could just rely on a CDN/WAF or cloud protection service

    FastNetMon only does simple bandwidth threshold "detection", and source-IP blackholing.
    Didn't hear much good about Path, but that might be worth a shot.

    Path.net is definitely worth a shot trust me I've been using them for 8 months now, you won't regret it, I wasted so much money on so many different providers like Cloudflare, OVH and way more known provider. I can even show you the tickets I had with those companies that still couldn't help me with the attacks I was getting on my Rust game server and my website where I sell the addons.

  • stefemanstefeman Member
    edited May 2

    I cant see Path as competent choice due to the fact I know the people that run tempest.net which is path.net official vendor. One was involved with https://octosniff.net/ (Used to pull PSN/XBOX player's home IP Addresses for other DDoS tools) and https://octovpn.com/ while i've seen the other guy even deeper in DDoS scene.

    Anyone that sells poison and cure at the same time cannot be trusted much.

    While this might give them some qualification as they surely know how things are when there are attacks, for the same reason you don't buy used car from your neighbor, remembering what I have seen them typing elsewhere gives me automatic repulsive reaction to anything path or tempest has to offer lol.

    Lets not even mention the "groups" the after mentioned was part of.

    Overall its quite shady given the founder's previous history and the fact there are so many forum shills about it.

    Thanked by 1markd
  • DataIdeas-JoshDataIdeas-Josh Member, Provider

    @stefeman said:
    I cant see Path as competent choice due to the fact I know the people that run tempest.net which is path.net official vendor. One was involved with https://octosniff.net/ (Used to pull PSN/XBOX player's home IP Addresses for other DDoS tools) and https://octovpn.com/ while i've seen the other guy even deeper in DDoS scene.

    Anyone that sells poison and cure at the same time cannot be trusted much.

    While this might give them some qualification as they surely know how things are when there are attacks, for the same reason you don't buy used car from your neighbor, remembering what I have seen them typing elsewhere gives me automatic repulsive reaction to anything path or tempest has to offer lol.

    Lets not even mention the "groups" the after mentioned was part of.

    Overall its quite shady given the founder's previous history and the fact there are so many forum shills about it.

    Please explain the issues at Path/Tempest...

    because "Anyone that sells poison and cure at the same time cannot be trusted much." got me very curious.

    Alien Data: VPS and Colo Based In Texas, Unmetered Bandwidth.
    RPIServers: Dedicated Micro Servers - Micro Colo - Unmeterd Bandwidth

  • stefemanstefeman Member
    edited May 2

    Disregarding the issue with tempest crew, the founder of path.net, Marshal Webb was lulzsec member going by names "m_nerva/cimx/rq42/mudkipznlulz/minervasx" in 2011 and was arrested for all kinds of stuff.

    https://threatpost.com/home-outed-lulzsec-member-mnerva-raided-ohio-062911/75384/

    Selling poison and cure refers to octosniff/octoVPN

    Of course hes well respected now among the providers, so I guess you could call it some teenage phase where you do stupid stuff. He also leaked/exposed/snitched (whatever you want to call it) all of his internet friends to save himself which caused some anger back then.

  • ntlxntlx Member

    While I personally have heard only good things about path.net in the past, you bring up a very valid point. However, I would also argue that a lot of the very best people in terms of combatting BS like DDoS attacks, scams, etc. are people who are former/reformed hackers and the like themselves. Though, I do understand completely the hesitation, and don't blame you.

    I have personal experience with both sucuri (sucuri.net) and defense.net/f5.com - both have their pros/cons. I think it depends mostly on your use case and what kind of infrastructure you are trying to protect. Personally if I had to pick one of the two, I'd go with f5. They were able to mitigate a massive, coordinated attack of a former client we were receiving (this was back in the day when they were still operating as defense, so take that for what its worth) that was absolutely hammering our machines, and rendered it basically at most 10% it's efficacy levels within a very short period of time. I would definitely recommend them.

    Thanked by 1Cybr
  • SirFoxySirFoxy Member

    @stefeman said:
    Disregarding the issue with tempest crew, the founder of path.net, Marshal Webb was lulzsec member going by names "m_nerva/cimx/rq42/mudkipznlulz/minervasx" in 2011 and was arrested for all kinds of stuff.

    https://threatpost.com/home-outed-lulzsec-member-mnerva-raided-ohio-062911/75384/

    Selling poison and cure refers to octosniff/octoVPN

    Of course hes well respected now among the providers, so I guess you could call it some teenage phase where you do stupid stuff. He also leaked/exposed/snitched (whatever you want to call it) all of his internet friends to save himself which caused some anger back then.

    Frank Abagnale was a notorious forger then was hired by multiple companies and the FBI to detect forgery. Usually those that lived on the opposite side have the most experience.

    lurking in the shadows like a wombat or some shit

  • pierrepierre Member
    edited May 2

    The most effective DDoS Protection is just unplugging the router/switch. Always works and never fails. Free, Instant, and super easy to manage!

    Thanked by 1skorupion
  • CybrCybr Member

    @pierre said:
    The most effective DDoS Protection is just unplugging the router/switch. Always works and never fails. Free, Instant, and super easy to manage!

    You mean the most effective DDoS attack... Cutting the servers connection is the entire goal of any attacker targeting a network.

  • FranciscoFrancisco Top Provider

    @stefeman said:
    Disregarding the issue with tempest crew, the founder of path.net, Marshal Webb was lulzsec member going by names "m_nerva/cimx/rq42/mudkipznlulz/minervasx" in 2011 and was arrested for all kinds of stuff.

    https://threatpost.com/home-outed-lulzsec-member-mnerva-raided-ohio-062911/75384/

    Selling poison and cure refers to octosniff/octoVPN

    Of course hes well respected now among the providers, so I guess you could call it some teenage phase where you do stupid stuff. He also leaked/exposed/snitched (whatever you want to call it) all of his internet friends to save himself which caused some anger back then.

    I honestly don't care too much about what they did when they were in their teens or what have you.

    What I can tell you is that when we were getting deep dicked during the New Years weekend, Marshal gladly took my call and rallied all the troops to get me onboarded within around an hour.

    Within 10 minutes of initial reach out I was in a call with Marshal. He explained their platform and offered to help us out, no commitment. Within 30 minutes I was in a group chat with Konrad, Zigi, Marshal, and August, and they started to get us onboarded.

    They reached out to NTT & GTT and got AS-SET's flushed so our prefixes would be instantly approved. They got us GRE's and everything configured quickly.

    Zigi even stayed on during the weekend helping users with any issues they may have been seeing while we were in "shields up" mode. He tweaked things to improve service for everyone.

    Cloudflare on the other hand told me "we're in read-only for the next X weeks, you're on your own", even though we had been begging/pleading with them to get us BGP support, or at least approve all of our ranges. To date they still can't "figure out" how much they should charge to just have my ranges approved, not always-on mitigation.

    I legitimately don't give a flying fuck if Marshal was a /b/tard posting meatspin shock videos or whatever.

    They saved my ass and I thank them for that.

    Francisco

    Thanked by 3Cybr Clouvider jon617
    BuyVM - Free DirectAdmin, Softaculous, & Blesta! / Anycast Support! / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
  • @Francisco said:
    I legitimately don't give a flying fuck if Marshal was a /b/tard posting meatspin shock videos or whatever.

    You make it sound like that's a bad thing

    Thanked by 1Francisco
  • joyrjoyr Member

    I would add that vultr offers ddos protection at an additional $10 per month per server.

    If you don't want to pay the extra, OVH does it for free on all their servers.

Sign In or Register to comment.