Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Cloud based DDOS mitigation
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Cloud based DDOS mitigation

theccietheccie Member
edited March 2014 in General

What is your opinion on Cloud based DDOS tool (Change your DNS records , point to DDOS platform provider).
Would you consider using it?
What would be your biggest concern, performance? information security? other concerns?

Will you choose to use a cloud base DDOS service
  1. Will you choose to use a cloud base DDOS service30 votes
    1. YES
      36.67%
    2. NO
      30.00%
    3. MAYBE
      33.33%

Comments

  • Cloudflare does this.

  • tchentchen Member

    Um... once they know your IP, changing DNS records does not help except against the most brain-dead skiddie.

  • Agree, suppose I use their service from day 1 it shouldn't be a problem.
    Or, I can secure my server to allow only source IP from DDOS platform.

    @tchen said:
    Um... once they know your IP, changing DNS records does not help except against the most brain-dead skiddie.

  • theccie said: Agree, suppose I use their service from day 1 it shouldn't be a problem. Or, I can secure my server to allow only source IP from DDOS platform.

    @tchen said: Um... once they know your IP, changing DNS records does not help except against the most brain-dead skiddie.

    yeha one thing that is imporant is only allowing there ip address but still means u can be over whelemed. one thing i always recommened is working with a hosting provider that allows use to get new ip addresses from them in different blocks.

  • To any of you currently using any kind of cloud base DDOS service:

    Can you share your experiences with them?
    How do you measure their success/failure?
    Do you get logs/statistics from them?
    Does it bother you when you can't see the client IPs in your http log?

  • raindog308raindog308 Administrator, Veteran

    @theccie said:
    Does it bother you when you can't see the client IPs in your http log?

    How does Google Analytics, etc. behave when using Cloudflare/similar?

  • I would expect it to be the same.
    Personally I would like cloudflare to let me access the raw logs, don't know if that's any SDN provider would do.

    @raindog308 said:

  • Awmusic12635Awmusic12635 Member, Host Rep

    @raindog308

    You can have cloudflare auto add to each page of your site for you

  • @Fliphost said:
    raindog308

    You can have cloudflare auto add to each page of your site for you

    Not quite sure what you mean...

  • Thanks that seems to be a great feature, I always felt adding google analytics code is a hideous task :-D
    BTW I am very interested to know their "Advanced DDoS protection" feature, can anyone share some experience on that?

  • What do you call cloud based? Everything from email to food seems to be "in the cloud" now...

  • Awmusic12635Awmusic12635 Member, Host Rep

    @theccie Though I have not used it personally, from what I have been told on their business and enterprise plans they will pretty much tank anything for you.

  • @Fliphost said:
    theccie Though I have not used it personally, from what I have been told on their business and enterprise plans they will pretty much tank anything for you.

    It blocked a 400Gbps+ attack.. I'd assume it is.

  • Awmusic12635Awmusic12635 Member, Host Rep

    @Void_Whisperer Thats a bit different. They didn't really do that . In the case of the 400Gbps attack most of it had to be forwarded to their upstreams.

  • @Fliphost said:
    Void_Whisperer Thats a bit different. They didn't really do that . In the case of the 400Gbps attack most of it had to be forwarded to their upstreams.

    True, but it still stands that they helped to keep a website up through it.

  • @linuxthefish said:
    What do you call cloud based? Everything from email to food seems to be "in the cloud" now...

    Maybe cloud based is not the right word... I mean that kind of DNS based service like SDN, what ever you call it.

  • nonubynonuby Member
    edited April 2014

    > @tchen said:

    Um... once they know your IP, changing DNS records does not help except against the most brain-dead skiddies

    There seems to be a mentality that it's always possible to find the origin server IP, this isnt the case. This only happens if you fail to cover all bases, e.g. you do brain dead stuff such as use your own outgoing SMTP server (who does this nowadays even w/o cloudflare or alike?) or you scraping from your frontend servers etc.. or you leave dns records such as mx pointing to the web server (again brain dead on several levels - who runs a mail server on a frontend web server - heck who runs their own mail server nowadays apart from brain dead cpanel users)

  • tchentchen Member

    Nah, it was the 'cloud based' thing that threw me off. I thought he was standing up filter endpoints on demand and that you changed dns entries after the fact.

Sign In or Register to comment.