# DDOS Protection



## netnub (May 23, 2013)

Whats the best? I was looking at BuyVM, dedifrance (which are in my budget). Dedifrance claims to be able to hold 22gbit, buyvm can hold 10gbit or more(not exactly sure)


----------



## Mun (May 23, 2013)

To not get DDOS'd


----------



## netnub (May 23, 2013)

Mun said:


> To not get DDOS'd


funny. I'm talking about for my web server which I host clients on.


----------



## KuJoe (May 23, 2013)

I've heard that VeriSign is the best of the best. Last time I received a quote it started at 1Gbps of protection for $7500/month but they handle protection for a lot of financial firms so I am sure they can handle 22Gbps without blinking.


----------



## Francisco (May 23, 2013)

KuJoe said:


> I've heard that VeriSign is the best of the best. Last time I received a quote it started at 1Gbps of protection for $7500/month but they handle protection for a lot of financial firms so I am sure they can handle 22Gbps without blinking.


They just resell Level 3 so yes, they can get that high 

Francisco


----------



## MannDude (May 23, 2013)

BlackLotus is pretty nice, they come with the bells and whistles including attack monitoring and nice reports, but they're kind of pricey.

This site is using a BuyVM DDoS filtered IP, and things have been great in all honesty. It's been filtering out an ongoing HTTP flood that has been ongoing for days, and for the most part has taken the larger attacks with minimal effort. May be down for a couple minutes once an attack increases, but usually gets filtered out with relative quickness.

Another affordable option would be SecureDragon, I believe they've got DDoS filtered IPs too.

It really just depends on your budget. Have you been hit in the past? How hard? What are the exact requirements you need?


----------



## netnub (May 23, 2013)

MannDude said:


> BlackLotus is pretty nice, they come with the bells and whistles including attack monitoring and nice reports, but they're kind of pricey.
> 
> This site is using a BuyVM DDoS filtered IP, and things have been great in all honesty. It's been filtering out an ongoing HTTP flood that has been ongoing for days, and for the most part has taken the larger attacks with minimal effort. May be down for a couple minutes once an attack increases, but usually gets filtered out with relative quickness.
> 
> ...


I run a VPN and web hosting, vpn has seen 6gbit, web hosting has seen 8 gbit


----------



## drmike (May 23, 2013)

In this segment of industry --- the more price conscious, BuyVM or SecureDragon are pretty much all there is.

Huge lack of options even into the few hundreds of dollars a month for protection.

There are some dedicated server companies that claim to have protection capable of some respectable amounts, but unsure if I'd want to have them tested.

Then again,  I routinely do not directly expose real servers to traffic and front end them with a proxy.  That fits well with the BuyVM protection model.  Latency is a monster in that design though.  But, it is the nature of things and limited options.


----------



## Coastercraze (May 24, 2013)

Steadfast has DDOS protection available for their cloud via a Black Lotus partnership. Was a pretty decent price too I think last I checked.


----------



## wlanboy (Oct 30, 2013)

I would like to update the list of providers offering DDoS protection:


BuyVM: Based on Awknet (Los Angeles)
SecureDragon: Based on CNServers (Portland)
RamNode: Based on CNServers (Seattle)
Liquid-Solutions: Based on CNServers (Seattle)
URPad: Based on BlackLotus (Santa Clara)
It is not that easy to find the correct location of the DDoS protection, because some providers do not publish that information.

So feel free if you can add some additional information.


----------



## Francisco (Oct 30, 2013)

We're with CNServers on the west coast and Staminus on the east coast.

Francisco


----------



## splitice (Oct 30, 2013)

We (http://www.x4b.net) have Protection in many locations.

Including:

Italy - 3Gbps / 300Kpps BURSTABLE TO 7.5GBPS / 750KPPS (Currently Out of stock ETA later this week)

Romania - 10Gbps / 10Mpps BURSTABLE TO 300GBPS / 60MPPS (Particularly good for UDP floods if you are TCP only)

Netherlands 100Gbps / 120Mpps+

 

Denver - 10Gbps / 10Mpps BURSTABLE TO 10Gbps / 14.4MPPS (Currently Out of stock ETA later this week)

Chicago - 10Gbps / 10Mpps BURSTABLE TO 10Gbps / 14.4MPPS

 

We also have Oregon (CNServers) & New York (Staminus)

 

FYI for those who think the filtering description on the Romanian location is  TL;DR. The short version is that burstable protection is applied where attacks are too large to mitigate with our own hardware (using Voxility's Datacenter filters) and to take the edge off large attacks. They arent always suitable for certain use cases (e.g running a teamspeak server during a large UDP flood).


----------



## rds100 (Oct 30, 2013)

@splitce looking at your website i couldn't find out what you are offering out of Voxility. Is there an option to BGP announce a /24 and GRE it to somewhere else?


----------



## splitice (Oct 30, 2013)

@rds100: No this is not an option, it is neither compatible with our methodology or with our contract (due to the pricing we wanted its a bit restrictive in what we are allowed to do in Romania). We may allow blocks of /27's or something of our IPs to be leased to providers in the future however it is not currently possible (for multiple reasons). Not that you cant take out single services with the right justification (which I am sure you have), contact support if you want to discuss this.


----------



## rds100 (Oct 30, 2013)

Ok, thanks for the info


----------



## DomainBop (Oct 30, 2013)

wlanboy said:


> I would like to update the list of providers offering DDoS protection:
> 
> 
> BuyVM: Based on Awknet (Los Angeles)
> ...


OVH offers DDoS protection for free on dedicated, VPS, and cloud (they raised their prices by 1 euro to cover the costs).  They claim to be able to handle "unlimited" Gbps attacks.

http://www.ovh.ie/anti-ddos/

SeFlow offers SeGuard (500Mbps attack prevention included free with dedicated servers, but protection for 10Gbps attacks ranges from €59-€499 depending on the total GB of cleaned traffic).  SeGuard can be purchased for dedicated servers and FastServers (VPS)

http://www.seflow.net/dedicati/ddos.php


----------



## splitice (Oct 30, 2013)

Since I am about to wrap OVH's protection into a separate service I can talk as to their quality. I like to call their filtering "basic" as apposed to the "premium" filtering offered by CNServers, Black Lotus etc (or anyone with a decent hardware to customer ratio). But for 1 euro more (if you have a server with them) you cant complain.

Its about the same quality filtering as we see with Voxility without additional supporting hardware.

--

FYI OP - Clarify your needs (Location? Thresholds? Budget? Special Requirements?)

There is no such thing as Best for all needs.


----------



## GIANT_CRAB (Oct 30, 2013)

Limestone Networks has dedicated servers that offer cheap BlackLotus DDoS (50/monthly) protection.

More info - http://www.limestonenetworks.com/datacenter/ddos_protection.html

I've got a discount, PM me if you're interested.

EDIT: wlanboy, thanks for the necro.


----------



## Kruno (Oct 30, 2013)

splitice said:


> We also have Oregon (CNServers) & New York (Staminus)


It's just BuyVM VPS' though?

@OP - take BuyVM directly and you will be all covered.


----------



## splitice (Oct 30, 2013)

@Kruno, in that location Layer 4/5 filtering is done via BuyVM. Its a bit more than "just a VPS" though


----------



## GIANT_CRAB (Oct 30, 2013)

Damn it guys, he's BANNED.

He can't hear a shit or see your posts.


----------



## splitice (Oct 30, 2013)

Sucks to be him. I guess no one noticed


----------



## tchen (Oct 30, 2013)

Hehe, I'll adopt this thread.  I've been interested in DDoS protection for a while and welcome the thread updates.


----------



## peterw (Oct 30, 2013)

wlanboy said:


> BuyVM: Based on CNServers (Los Angeles)
> SecureDragon: Based on CNServers (Portland)
> RamNode: Based on CNServers (Seattle)
> Liquid-Solutions: Based on CNServers (Seattle)
> URPad: Based on BlackLotus (Santa Clara)


Any other vps providers?


----------



## Echelon (Oct 30, 2013)

We have DDoS protection for our clients out of OVH Beauharnois currently, however we're holding off on pushing it as a feature until the release of v6 APIs and management, so that we can offer advanced control over the protection offered once the tunables are exposed.


----------



## ComputerTrophy (Oct 31, 2013)

Echelon said:


> We have DDoS protection for our clients out of OVH Beauharnois currently, however we're holding off on pushing it as a feature until the release of v6 APIs and management, so that we can offer advanced control over the protection offered once the tunables are exposed.


OVH VAC have poor L7 protection, though.


----------



## Echelon (Oct 31, 2013)

InvokeVM-Kelvin said:


> OVH VAC have poor L7 protection, though.


As it stands, it could definitely be better, hence why I am waiting to see what sort of tunable use will be provided with the v6 API before throwing it out there as a feature, but that being said, I don't particularly plan on charging additional for it either.


----------

