New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How do I use ddos protection at home?
I'm not much into networking so I don't understand how anti ddos works.
I am planning on investing in a server that I can use at home. I currently have the best isp and plan available in my area, but they don't prevent ddos.
What can I do to protect my home server from ddos, that way my own connection isn't affected as well.
Do I need to invest in certain hardware? If so, what would be the cheapest option?
If server providers don't use hardware, how do they do anti ddos, is it software?
If it's not hardware or software, do they purchase anti ddos from somewhere else? I seen some stuff about people selling anti ddos services, but do they use hardware or software also? I don't get it.
Thanked by 1colingpt
Comments
Well, unless you have a bunch of peers and like 10 * 100 GigE worth of bandwidth, you won't get near to being able to absorb and/or mitigate. You have to understand that your connection cannot be saturated for any appliance to work; which certainly isn't going to work for home.
You would have to pull a tunnel from someone close enough.
Francisco
As Francisco suggested, you could a form of tunnel or reverse proxy to your house which is a pretty effective option.
There is no piece of hardware that you will be able to get which will make your home network more resilient to DDoS attacks.
If you plan on doing this, just make sure your real IP stays hidden and only the tunnel or reverse proxy IP is ever released.
Alright, thanks for the input. The lowend community has made me smarter.
Don't worry, you'll get your dose of cancer soon, i'm sure.
Francisco
You could check if remote protection is possible?
If by remote protection you mean some sort of reverse proxy or tunnel, then yes this is possible.
Residential ISPs most often don't offer this kind of service, simply due to the lack of infrastructure.
Just noticed @Francisco suggested this already haha.
Should just delete drafts in the future
So.... Can I purchase the nearest lowend vps with ddos protection and create a reverse tunnel to my home server? Most providers probably frown on this if you are just using services for anti ddos huh?
@jmackey were you ever part of ClanCD?
Guess you'll have to wait for replies from providers about the tunnel.
Also, I assume you're getting dossed at home..any reason why?
Yes, that is definitely option and the providers definitely wouldn't mind if you did this with your VPS.
There are a lot of VPS out there with bad latency though and not great protection so you should be careful who you sign up with. BuyVM is a great provider in their LV and NJ locations. Although LU seems to have some problems.
There are also providers who will also just give you directly a DDoS protected reverse proxy so you wouldn't have to manage or configure a VPS.
No idea what ClanCD is, I'm not getting ddosed at home. The current servers I have get ddosed, because of what I do on the servers. So I was assuming that if I move the server from a provider to my home, then I would also get ddosed at home. Just trying to figure out how to prevent this before it happens.
Thanks, I didn't know that providers did this.
Yeah, I would get the protection configured and ready before going public with the server.
If you need any help getting this configured, feel free to contact me at anytime. I am an expert with these kinds of configurations.
Are you really promoting what's essentially a terrible idea so you can try up selling him on your remote ddos protection?
@op, when you factor in power costs, uptime guarantees, bandwidth, etc. You'd be much better off colocating /renting servers than trying to host something at home. Not only will remote ddos filtered VPS add more latency, it will also be more work in configuring and managing your setup.
Just check your ISP ToS. A few domestic ones won't allow you to host at home and could throw you off for it.
I think you should let the OP make his own decisions. I also don't think that it is a terrible idea, for $5 the OP can get a DDoS protected reverse proxy and run a huge server from his house. Depending on the kind of server he is running this could be an extremely cost effective alternative.
If they allow port forwarding, you probably have nothing to worry about...
LU's been fine for a long time, your setup is just janky. We have plenty of large anycast proxy deployments and if "Voxility is blocking all of Europe", I would be getting spammed right off IRC/Skype/tickets/etc.
To the OP, most providers are OK with you tunneling off their services unless their TOS/etc says no. To them they shouldn't really care so long as it's legal.
Francisco
My setup is not janky and you know that. In fact LU with my setup works just fine, it's only some ISPs which can not access the service. We also tested removing the protection, and those users were then able to connect.
It's only a few ISP which can not access. You even tested on pingdom, and confirmed that my LU setup was working.
Listen to the market leader plz
And I've yet to get a name on any of those ISP's to ask Voxility. Again, I still feel it's likely single users and not full blown ISP's. In EU they're peered with what almost looks like everyone.
Still, that backs my point even further, LU isn't an issue, the users would have issues getting to Vox no matter the location, anycast just does its job and localizes them to EU.
Francisco
Right, it may be single users. I would need to migrate all my clients back and then get some more data.
I vouched for the quality of your services, but simply said I was having some connectivity problems in LU specifically which seem to be in a single instance. This is a recent problem, and we are awaiting word from Vox. It could be something simple that has to do with the filtering for perhaps my machine only.
Read what I wrote again.
Francisco
Uhm what. The entire point of remote protection/tunnelling is that you do not do that, neither before, nor after.
Thanks for catching that typo, my mistake.
Kindly purchase Asus router.
Not going to help against DDoS.
@JMackey
Another option would be to connect to a VPN that utilises a DDoS mitigated network (certain VPS providers here offer mitigation as an addon).
Marketing at it's finest, that feature won't do s**t against a real DDOS
It doesn't claim to.