Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Netcup.de 2 Tbps DDOS Protection .WOW. layer 3-4-7
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Netcup.de 2 Tbps DDOS Protection .WOW. layer 3-4-7

ZweiTigerZweiTiger Member
edited January 2020 in General

Just discovered one of their facebook post.. now they got 2TBPS ddos protection instead of 5Gbps.

https://www.netcup.eu/ueber-netcup/ddos-schutz-filter.php

Comments

  • MikeAMikeA Member, Patron Provider
    edited January 2020

    So what is this, Voxility or something? They just say traffic will be rerouted, no info about how it works.

  • RhysRhys Member, Host Rep
    edited January 2020

    @MikeA said:
    So what is this, Voxility or something? They just say traffic will be rerouted, no info about how it works.

    Looks like they're using anexia for it. (https://anexia.com/en/hosting-it-solutions/managed-hosting/ddos-protection)

  • WebGuruWebGuru Member
    edited January 2020

    Curious to know more about their layer 7 protection and how it works.

    we protect your infrastructure not only against attacks on layers 3 and 4, but upon request also against attacks on layer 7 (application layer)

  • jackbjackb Member, Host Rep
    edited January 2020

    @MikeA said:
    So what is this, Voxility or something? They just say traffic will be rerouted, no info about how it works.

    The rerouting bit makes me think not this - but I believe pushing your mitigation rules to your upstream via flowspec (where accepted by your upstreams) can get you serious gains in terms of mitigations. Might be related.

    One time about 5 or so years ago I saw a Germany IP (/32) that had a nullroute pushed up and level3 dropped inbound traffic at source in Miami. Apply the same principle to mitigation rules and that would be pretty powerful.

  • ClouviderClouvider Member, Patron Provider
    edited January 2020

    Null route != FlowSpec. FlowSpec allows you to pushfirewall rules through BGP to selectively drop the packets, I.e. src port UDP/53 then rate-limit or reject. Blackhole drops everything.

    There’s no tier 1 accepting FlowSpec at the moment, there are however plenty networks using their within their own backbones

  • jh_aurologicjh_aurologic Member, Patron Provider

    @Clouvider said:
    Null route != FlowSpec. FlowSpec allows you to pushfirewall rules through BGP to selectively drop the packets, I.e. src port UDP/53 then rate-limit or reject. Blackhole drops everything.

    There’s no tier 1 accepting FlowSpec at the moment, there are however plenty networks using their within their own backbones

    As far as I remember, NTT or/and GTT offered us flowspec some time ago.

    However, we ended up with RETN as their network was far more attractive for our use case.

  • ClouviderClouvider Member, Patron Provider

    @combahton_it said:

    @Clouvider said:
    Null route != FlowSpec. FlowSpec allows you to pushfirewall rules through BGP to selectively drop the packets, I.e. src port UDP/53 then rate-limit or reject. Blackhole drops everything.

    There’s no tier 1 accepting FlowSpec at the moment, there are however plenty networks using their within their own backbones

    As far as I remember, NTT or/and GTT offered us flowspec some time ago.

    However, we ended up with RETN as their network was far more attractive for our use case.

    Define some time?

  • netcup is a part of anexia company

    Thanked by 1cybertech
  • jh_aurologicjh_aurologic Member, Patron Provider

    @Clouvider said:

    @combahton_it said:

    @Clouvider said:
    Null route != FlowSpec. FlowSpec allows you to pushfirewall rules through BGP to selectively drop the packets, I.e. src port UDP/53 then rate-limit or reject. Blackhole drops everything.

    There’s no tier 1 accepting FlowSpec at the moment, there are however plenty networks using their within their own backbones

    As far as I remember, NTT or/and GTT offered us flowspec some time ago.

    However, we ended up with RETN as their network was far more attractive for our use case.

    Define some time?

    Around two years ago

    Thanked by 1Clouvider
  • ClouviderClouvider Member, Patron Provider

    @combahton_it said:

    @Clouvider said:

    @combahton_it said:

    @Clouvider said:
    Null route != FlowSpec. FlowSpec allows you to pushfirewall rules through BGP to selectively drop the packets, I.e. src port UDP/53 then rate-limit or reject. Blackhole drops everything.

    There’s no tier 1 accepting FlowSpec at the moment, there are however plenty networks using their within their own backbones

    As far as I remember, NTT or/and GTT offered us flowspec some time ago.

    However, we ended up with RETN as their network was far more attractive for our use case.

    Define some time?

    Around two years ago

    My understanding is that this is no longer the case and whoever had access had it later removed, but I guess worth checking with the account manager :-).

    Thanks

  • stefemanstefeman Member
    edited January 2020

    Its very slow in becoming active, moved my personal TS3 server there and it was a nightmare.

    The following attack types were recognized:
    The "UDP" host alert signature severity rate configured for "netcup" has been exceeded for 3 minutes, changing Severity Level from medium to high  (expected rate: 250.00 Kpps, observed rate: 297.68 Kpps) (boundary: managed object)
    The "UDP" host alert signature severity rate configured for "netcup" has been exceeded, changing Severity Level from low to medium  (expected rate: 250.00 Kpps, observed rate: 310.40 Kpps) (boundary: managed object)
    The "UDP" host alert signature has been triggered at router "bbr02.anx25.fra.de". (expected rate: 100.00 Kpps, observed rate: 116.70 Kpps)
    The "RIPv1 Amplification" host alert signature has been triggered at router "bbr01.anx25.fra.de". (expected rate: 200.00 Mbps/30.00 Kpps, observed rate: 187.29 Mbps/51.34 Kpps)
    

    Server was down 3 minutes before mitigation even started working, and even then it went offline after working fine for 10 minutes. Moved it back to OVH Game.

  • benj0xbenj0x Member
    edited February 2020

    I'm not sure if their Anti-DDoS got worse since their press announcement. Previously I had received messages about the Anti-DDoS how it got active and filtered small attacks (the server stayed online.). Sometimes they did even null route me.
    However, yesterday evening I got a DDoS Attac,k and nothing happened. The server went offline due to the high amount of traffic. I can see the attack in the control panel quite well (the spike of traffic) but as it seems nothing happened in filtering.

    Monitoring also reported it as down throughout the whole attack.

    Did anyone else experience DDoS Attacks on their netcup service yet and can report about their experiences?

  • Really nice!

Sign In or Register to comment.