ACTUALLY DDoS Protected VPS ~44Gbps NTP Reflection (UDP) - Page 3

13

Comments

  • @0xdragon said:
    I'm relatively sure that you can get a firewall on OVH's side for about $30/mth? Ordered from their panel.

    A Cisco ASA firewall won't do shit against 44Gbps incoming, your pipe is still saturated.

    So far so good on the Centarra + CloudFlare recommendations @Serverian

  • @GoodHosting said:
    A Cisco ASA firewall won't do shit against 44Gbps incoming, your pipe is still saturated.

    Ah, that's what it is. Yeah, that won't work.. I thought there was some OVH-side filtering firewall available.

  • @0xdragon said:

    There is, but when it's OVH's own servers doing the attacking...

  • @GoodHosting said:
    There is, but when it's OVH's own servers doing the attacking...

    OVH are literally just waiting to be told off by someone very high up.

  • BrianHarrison Member, Patron Provider

    @Infinity said:
    kaniini left didn't he?

    Ahh that's news to me -- thanks for letting me know.

  • @goodhosting

    You should be able to do this all on just Cloudflare if you set everything up correctly. If you need help, just let me know.

  • edan Member

    VPS classic from OVH already included DDoS protection pro, did you already try it?

  • wych Member

    @edan said:
    VPS classic from OVH already included DDoS protection pro, did you already try it?

    He already tried OVH but most of the attack was originating there.

  • @wojons said:
    goodhosting

    You should be able to do this all on just Cloudflare if you set everything up correctly. If you need help, just let me know.

    Nope, you can get the IP behind Cloudflare pretty easily (it's literally trivial, just Google "Cloudflare Real IP" or similar search terms, there are sites that even make it easy for you by providing a searchable database.)

    @edan said:
    VPS classic from OVH already included DDoS protection pro, did you already try it?

    Didn't read the thread now did you... My OP even stated that the attacks originate from OVH, why would I want to make it easier for OVH to attack me by locating locally? Where their firewall doesn't do shit against it..?

  • GoodHosting said: Nope, you can get the IP behind Cloudflare pretty easily (it's literally trivial, just Google "Cloudflare Real IP" or similar search terms, there are sites that even make it easy for you by providing a searchable database.)

    I'm sorry, but you don't know what you are talking about. As long as you remove the direct-connect and dc- subdomains none of these sites will be able to get your real IP.

    Thanked by 1tomsfarm
  • @GoodHosting said:
    Nope, you can get the IP behind Cloudflare pretty easily (it's literally trivial, just Google "Cloudflare Real IP" or similar search terms, there are sites that even make it easy for you by providing a searchable database.)

    Well, I made you the offer. I have done setups that avoid all the known tricks for getting around Cloudflare.

  • edan Member

    @wych said:
    He already tried OVH but most of the attack was originating there.

    Ups :)

    @GoodHosting said:
    Didn't read the thread now did you... My OP even stated that the attacks originate from OVH, why would I want to make it easier for OVH to attack me by locating locally? Where their firewall doesn't do shit against it..?

    Read it but in insight mode :)

    Just wait for their response about this.

  • @edan said:
    Just wait for their response about this.

    I would like to see them respond actually, especially once I had sent them tcpdump data showing their servers attacking mine, and had sent out an abuse mailing in regards to the range that was attacking ours (prior to this NTP amplification.) They still have yet to reply to the abuse matter.

  • I think I broke Centarra @Serverian

    Node is down :).

  • Who did you piss off so badly to keep DDoSing you for so long? Usually DDoS attacks go away much faster than this.

  • wych Member

    @rds100 said:
    Who did you piss off so badly to keep DDoSing you for so long? Usually DDoS attacks go away much faster than this.

    Maybe the same geeza going for Fraud Record?

    Or sz1... Some people are seeing trends.

  • SplitIce Member, Host Rep
    edited August 2014

    Centarra is $200 per 10Gbps (with the first 20Gbps provided for $75). I'm not sure if you purchased $600 of protection (and if so, why - while reasonable, there are probably cheaper options for your usage level) or if you expected them to tank ~50Gbps on the default 10Gbps or 20Gbps "advanced" option.

  • https://db.tt/Rny4zx4b

    It's all infected consumer devices, all of it. Got this during a good second.

  • wych Member

    @GoodHosting said:

    It's all infected consumer devices, all of it. Got this during a good second.

    Someone still orchestrated it.

  • iptables drop all from OVH IP range and private IP

  • @wych said:

    Of course, but it's a botnet was my point. DRDoS botnet; since consumer devices shouldn't have an NTP server to begin with (unless it's infected FreeNAS units or something...)
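
Added example (not from the thread or any poster): one way to confirm from captured packets that inbound UDP really is NTP reflection, by recognising the mode 7 monlist replies commonly abused for NTP amplification and totalling their bytes per reflector. The packet tuples, the documentation-range addresses and the function names are constructed for illustration.

```python
import struct
from collections import Counter

NTP_PORT = 123
MODE_PRIVATE = 7             # ntpdc "private" mode that carries monlist
MONLIST_IMPLS = {2, 3}       # IMPL_XNTPD_OLD, IMPL_XNTPD
MONLIST_REQS = {20, 42}      # REQ_MON_GETLIST, REQ_MON_GETLIST_1

def classify_ntp(payload: bytes) -> str:
    """Classify a UDP/123 payload by its first four header bytes."""
    if len(payload) < 4:
        return "not-ntp"
    first, _auth_seq, impl, req = struct.unpack("!BBBB", payload[:4])
    if (first & 0x07) != MODE_PRIVATE:
        return "other-ntp"           # e.g. mode 3/4 client/server time sync
    if impl in MONLIST_IMPLS and req in MONLIST_REQS:
        # Top bit of the first byte is the response flag in mode 7 packets.
        return "monlist-response" if first & 0x80 else "monlist-request"
    return "other-ntp"

def bytes_per_reflector(packets):
    """Sum monlist-response bytes per source IP for packets sent from UDP/123."""
    totals = Counter()
    for src_ip, src_port, payload in packets:
        if src_port == NTP_PORT and classify_ntp(payload) == "monlist-response":
            totals[src_ip] += len(payload)
    return totals

# Constructed sample data (documentation address ranges, not from the thread).
MONLIST_RESP = bytes([0xD7, 0x00, 0x03, 0x2A, 0x00, 0x06, 0x00, 0x48]) + bytes(6 * 72)
MONLIST_REQ = bytes([0x17, 0x00, 0x03, 0x2A]) + bytes(4)
TIME_REPLY = bytes([0x24]) + bytes(47)       # ordinary mode 4 server reply
SAMPLE = [
    ("192.0.2.10", 123, MONLIST_RESP),
    ("192.0.2.10", 123, MONLIST_RESP),
    ("198.51.100.7", 123, MONLIST_RESP),
    ("203.0.113.5", 123, TIME_REPLY),
    ("203.0.113.9", 53, bytes(40)),
]

if __name__ == "__main__":
    for ip, total in bytes_per_reflector(SAMPLE).most_common():
        print(f"{ip}\t{total} bytes of monlist responses")
```

The per-source totals are what an abuse report to the reflector's network would cite; the victim's own link is still saturated until filtering happens upstream.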

  • @hashwaltz said:
    iptables drop all from OVH IP range and private IP

    As has been stated a few times in this thread, a good portion of the attack is from OVH.

  • wych said: Or sz1... Some people are seeing trends.

    I pissed off sz1 on IRC the other night and within 5 minutes had a DoS attack hitting the IP I use to connect to the IRC server, the attacking IP was located in China and allocated to China Mobile. sz1 lives somewhere in Asia. I measured the attack at my VM to be 320Mb/s :: 120Kpp/s. Small but enough for Linode to null route.

    The attack went on for about 40 hours, stopping for around a day before taking off again last night, this time a DDoS attack. Linode described the attack.. 'The attack was a large scale NTP attack from a wide range of IP addresses.', I didn't press them for any more details. Though it did subside this morning after around 12 hours of being attacked.

    Personally I am pretty certain that this is sz1Hosting. I've never been the target of a (D)DoS attack before, ever. The timing is perfect, I haven't pissed anyone else off but him recently.

  • wych Member

    @kcaj said:
    The attack was a large scale NTP attack from a wide range of IP addresses.

    I had some NTP over the weekend to my DNS cluster and a few other places...

  • J1021 Member
    edited August 2014

    No less than 10 minutes after me posting the above and guess who is being attacked again..

  • wych Member

    @kcaj said:
    No less than 10 minutes after me posting the above and guess who is being attacked again..

    I am seeing increased bandwidth but I am still online.

  • Sounds plausible. That sz1hosting guy was so full of shit...

  • wych Member

    @Amitz said:
    Sounds plausible. That sz1hosting guy was so full of shit...

    When's his ban up?

  • You mean when it is over? Never, I hope...

  • kcaj said: Personally I am pretty certain that this is sz1Hosting. I've never been the target of a (D)DoS attack before, ever. The timing is perfect, I haven't pissed anyone else off but him recently.

    sz1hosting does not have the money (or knowledge) to do anything like this, I've known him for a while and I'm sure some other LET members can confirm this... @Ishaq ?

    He's just had his whole UK node with Redstation nullrouted and terminated so I hope nobody has done any bad stuff, he's not an evil guy just a little rude sometimes.

    Sorry for interrupting your topic GoodHosting!
