Best DDoS protection for the money

In my experience I have never come across the need for DDoS protection and mostly considered it a curiosity big companies would face from hacking groups. After some reading recently I came across some information stating that DDoS was now something that was fairly easy to carry out by low skilled attackers and for some years now there have been services where you could pay to have a target DDoSed.

While this isn't exactly a major concern for me right now I am wondering what would be some ways to handle something like this without breaking the bank. Generally it's better to be reactive than proactive.

I would also be interested to know if this has ever happened to anyone: how long did it last, how was the problem solved, and any other basic information that you wish to share about the attack.

What are the LET members using and how much does it cost?

Comments

  • CConner Member, Host Rep

    We've had great results with Corero's DDoS protection. Especially on their new NTD1100 appliances. We've since started implementing it ourselves and the results have been great so far.

    Thanked by 1Actavus
  • Are you a provider or customer?

    If you rent servers, you would want to use providers with antiddos systems ready.

    OVH (VAC/Smaug)
    NFOservers (Unknown, likely Arbor or Corero)
    Zare (Unknown, Juniper?)
    Clouvider (Corero + FlowSpec)

    If you are a colo provider, then buy expensive hardware and a large upstream port.

  • CConner Member, Host Rep

    @stefeman said: Zare (Unknown, Juniper?)

    Corero + Juniper

    @stefeman said: NFOservers (Unknown, likely Arbor or Corero)

    Router based solution + FlowSpec. Inquired about their method a while ago

    Thanked by 1Zare
  • I would say OVH's DDoS protection is still one of the best and most affordable. Our gaming community has been receiving attacks for over 10 years. Without OVH it would not have survived.

  • Marcooo Member, Host Rep

    The datacenter we use uses Huawei AntiDDoS 8000 series

  • Akamai

  • SplitIce Member, Host Rep

    It isn't entirely clear whether you are after the best, or the cheapest. Since you mention that you aren't currently under threat you may be best looking for the cheapest.

    You are correct, attacks are very accessible. With many free and cheap stressers available, it doesn't take anyone with particular skills or resources to launch an attack and give you a bad day.

    The types of mitigation available for cheap / included "free" with some dedicated server providers may help you if all you see is a small low-spec attack once in a blue moon (of course you will also need some technical know-how for if/when this goes wrong). Although more and more stressers these days have particular attack methods targeting these (I'm not going to detail weaknesses, or provide stresser names - don't ask).

    Services where you pay directly to have a target attacked by an individual/group are generally high spec as they are launched by professional attackers. Those are the types you hope not to receive, as they will try all the methods in their arsenal until they find something that causes an effect - and keep it up for days, weeks, months (from experience) - as long as the client pays.

    If you are looking for something more expensive (and arguably better as they will provide you with an account manager and have substantially more human resources) companies like Akamai exist. Just be wary not to have a heart attack when paying the bill.

  • SplitIce Member, Host Rep

    @trycatchthis said: Generally it's better to be reactive than proactive.

    And yes, it's definitely better to be proactive. You don't want to be dealing with moving servers, or setting up remote protection during an incident at 3 am.

  • For these particular projects, I have providers that do not seem to explicitly offer DDoS protection so I was looking to see what 3rd party options are. These are VPS and not dedicated or co located so physical hardware is not necessary. But the information on how people handle it with physical hardware is good to know.

  • FastNetMon for detection + A reliable BGP scrubbing provider if you need to protect L4 services and you are a provider, for L7 only you could just rely on a CDN/WAF or cloud protection service

  • @vcdn said:
    FastNetMon for detection + A reliable BGP scrubbing provider if you need to protect L4 services and you are a provider, for L7 only you could just rely on a CDN/WAF or cloud protection service

    This seems to be catered towards the provider.

    Wouldn't a CDN have huge costs under a DDoS? That has me nervous about using them. And WAFs, wouldn't these be overwhelmed?

  • @trycatchthis
    Ah ok, as a user you should rely on L7 protection, such as Cloudflare or many other services (some are very expensive and others are quite cheap).
    If you would like to try out an L7 protection, feel free to contact me.

  • @marvel said: Without OVH it would not have survived.

    man, you didn't get any serious attacks, ovh is sheet

  • DataIdeas-Josh Member, Patron Provider
    edited April 2021

    @trycatchthis as mentioned above, Corero is nice but very expensive and relies on you having a big pipe coming in in the first place.

    Give https://Path.net a look. Let them know that DataIdeas-Josh sent you. I highly recommend them.
    Just let them know what you're looking for and they will be able to work with you. Great customer service!

    Edit: fixing autocorrect spelling.

  • Binary Member, Host Rep

    @vcdn said:
    FastNetMon for detection + A reliable BGP scrubbing provider if you need to protect L4 services and you are a provider, for L7 only you could just rely on a CDN/WAF or cloud protection service

    FastNetMon only does simple bandwidth threshold "detection", and source-IP blackholing.
    Didn't hear much good about Path, but that might be worth a shot.

  • DataIdeas-Josh Member, Patron Provider

    @Binary said:

    @vcdn said:
    FastNetMon for detection + A reliable BGP scrubbing provider if you need to protect L4 services and you are a provider, for L7 only you could just rely on a CDN/WAF or cloud protection service

    FastNetMon only does simple bandwidth threshold "detection", and source-IP blackholing.
    Didn't hear much good about Path, but that might be worth a shot.

    Give Path a shout and let them know DataIdeas-Josh sent you.

  • ehhthing Member
    edited April 2021

    You can use Cloudflare for web services, free unlimited L4 protection and some basic L7 protection as well.

    (Basic as in, lots of people have tried to attack it and some have succeeded, but either way you can implement some L7 attack protection on the webserver level since they're much easier to protect against than L4 attacks which require large upstream bandwidth)

  • @Binary said:

    @vcdn said:
    FastNetMon for detection + A reliable BGP scrubbing provider if you need to protect L4 services and you are a provider, for L7 only you could just rely on a CDN/WAF or cloud protection service

    FastNetMon only does simple bandwidth threshold "detection", and source-IP blackholing.
    Didn't hear much good about Path, but that might be worth a shot.

    Path.net is definitely worth a shot, trust me, I've been using them for 8 months now, you won't regret it. I wasted so much money on so many different providers like Cloudflare, OVH and way more known providers. I can even show you the tickets I had with those companies that still couldn't help me with the attacks I was getting on my Rust game server and my website where I sell the addons.

  • stefeman Member
    edited May 2021

    I can't see Path as a competent choice due to the fact I know the people that run tempest.net, which is path.net's official vendor. One was involved with https://octosniff.net/ (used to pull PSN/XBOX players' home IP addresses for other DDoS tools) and https://octovpn.com/, while I've seen the other guy even deeper in the DDoS scene.

    Anyone that sells poison and cure at the same time cannot be trusted much.

    While this might give them some qualification as they surely know how things are when there are attacks, for the same reason you don't buy a used car from your neighbor, remembering what I have seen them typing elsewhere gives me an automatic repulsive reaction to anything Path or Tempest has to offer lol.

    Let's not even mention the "groups" the aforementioned was part of.

    Overall it's quite shady given the founder's previous history and the fact there are so many forum shills about it.

    Thanked by 1ploxhost
  • DataIdeas-Josh Member, Patron Provider

    @stefeman said:
    I can't see Path as a competent choice due to the fact I know the people that run tempest.net, which is path.net's official vendor. One was involved with https://octosniff.net/ (used to pull PSN/XBOX players' home IP addresses for other DDoS tools) and https://octovpn.com/, while I've seen the other guy even deeper in the DDoS scene.

    Anyone that sells poison and cure at the same time cannot be trusted much.

    While this might give them some qualification as they surely know how things are when there are attacks, for the same reason you don't buy a used car from your neighbor, remembering what I have seen them typing elsewhere gives me an automatic repulsive reaction to anything Path or Tempest has to offer lol.

    Let's not even mention the "groups" the aforementioned was part of.

    Overall it's quite shady given the founder's previous history and the fact there are so many forum shills about it.

    Please explain the issues at Path/Tempest...

    because "Anyone that sells poison and cure at the same time cannot be trusted much." got me very curious.

  • stefeman Member
    edited May 2021

    Disregarding the issue with the Tempest crew, the founder of path.net, Marshal Webb, was a LulzSec member going by the names "m_nerva/cimx/rq42/mudkipznlulz/minervasx" in 2011 and was arrested for all kinds of stuff.

    https://threatpost.com/home-outed-lulzsec-member-mnerva-raided-ohio-062911/75384/

    Selling poison and cure refers to octosniff/octoVPN

    Of course he's well respected now among the providers, so I guess you could call it some teenage phase where you do stupid stuff. He also leaked/exposed/snitched (whatever you want to call it) all of his internet friends to save himself, which caused some anger back then.

  • ntlx Member

    While I personally have heard only good things about path.net in the past, you bring up a very valid point. However, I would also argue that a lot of the very best people in terms of combatting BS like DDoS attacks, scams, etc. are people who are former/reformed hackers and the like themselves. Though, I do understand completely the hesitation, and don't blame you.

    I have personal experience with both sucuri (sucuri.net) and defense.net/f5.com - both have their pros/cons. I think it depends mostly on your use case and what kind of infrastructure you are trying to protect. Personally if I had to pick one of the two, I'd go with f5. They were able to mitigate a massive, coordinated attack of a former client we were receiving (this was back in the day when they were still operating as defense, so take that for what it's worth) that was absolutely hammering our machines, and rendered it basically at most 10% of its efficacy levels within a very short period of time. I would definitely recommend them.

    Thanked by 2Cybr desperand
  • SirFoxy Member

    @stefeman said:
    Disregarding the issue with the Tempest crew, the founder of path.net, Marshal Webb, was a LulzSec member going by the names "m_nerva/cimx/rq42/mudkipznlulz/minervasx" in 2011 and was arrested for all kinds of stuff.

    https://threatpost.com/home-outed-lulzsec-member-mnerva-raided-ohio-062911/75384/

    Selling poison and cure refers to octosniff/octoVPN

    Of course he's well respected now among the providers, so I guess you could call it some teenage phase where you do stupid stuff. He also leaked/exposed/snitched (whatever you want to call it) all of his internet friends to save himself, which caused some anger back then.

    Frank Abagnale was a notorious forger then was hired by multiple companies and the FBI to detect forgery. Usually those that lived on the opposite side have the most experience.

  • pierre Member
    edited May 2021

    The most effective DDoS Protection is just unplugging the router/switch. Always works and never fails. Free, Instant, and super easy to manage!

    Thanked by 1skorupion
  • Cybr Member

    @pierre said:
    The most effective DDoS Protection is just unplugging the router/switch. Always works and never fails. Free, Instant, and super easy to manage!

    You mean the most effective DDoS attack... Cutting the server's connection is the entire goal of any attacker targeting a network.

  • Francisco Top Host, Host Rep, Veteran

    @stefeman said:
    Disregarding the issue with the Tempest crew, the founder of path.net, Marshal Webb, was a LulzSec member going by the names "m_nerva/cimx/rq42/mudkipznlulz/minervasx" in 2011 and was arrested for all kinds of stuff.

    https://threatpost.com/home-outed-lulzsec-member-mnerva-raided-ohio-062911/75384/

    Selling poison and cure refers to octosniff/octoVPN

    Of course he's well respected now among the providers, so I guess you could call it some teenage phase where you do stupid stuff. He also leaked/exposed/snitched (whatever you want to call it) all of his internet friends to save himself, which caused some anger back then.

    I honestly don't care too much about what they did when they were in their teens or what have you.

    What I can tell you is that when we were getting deep dicked during the New Years weekend, Marshal gladly took my call and rallied all the troops to get me onboarded within around an hour.

    Within 10 minutes of initial reach out I was in a call with Marshal. He explained their platform and offered to help us out, no commitment. Within 30 minutes I was in a group chat with Konrad, Zigi, Marshal, and August, and they started to get us onboarded.

    They reached out to NTT & GTT and got AS-SETs flushed so our prefixes would be instantly approved. They got us GREs and everything configured quickly.

    Zigi even stayed on during the weekend helping users with any issues they may have been seeing while we were in "shields up" mode. He tweaked things to improve service for everyone.

    Cloudflare on the other hand told me "we're in read-only for the next X weeks, you're on your own", even though we had been begging/pleading with them to get us BGP support, or at least approve all of our ranges. To date they still can't "figure out" how much they should charge to just have my ranges approved, not always-on mitigation.

    I legitimately don't give a flying fuck if Marshal was a /b/tard posting meatspin shock videos or whatever.

    They saved my ass and I thank them for that.

    Francisco

  • @Francisco said:
    I legitimately don't give a flying fuck if Marshal was a /b/tard posting meatspin shock videos or whatever.

    You make it sound like that's a bad thing

    Thanked by 1Francisco
  • joyr Member

    I would add that Vultr offers DDoS protection at an additional $10 per month per server.

    If you don't want to pay the extra, OVH does it for free on all their servers.
