# 25.1gb/s attack incoming flood - advice?



## netnub (Jun 2, 2013)

So, my gaming server + website server were nullrouted due to a incoming MASSIVE flood reported to reach 25.1gb/s at its peak. It went down to about 17gb/s constant flood for 15 minutes and provider was unable to block it and nullrouted the server.

I'm looking for very large ddos protection, I have a deep pocket with a max budget of $5000/month. I was checking out ddos protection that can block 64Gb/s (its been tested and it truly does hold up 64gb/s). Thoughts? (protection would cost me close to $200/month with them, plus its in romania).


----------



## Mun (Jun 2, 2013)

what gaming server and website?

Mun


----------



## netnub (Jun 2, 2013)

Mun said:


> what gaming server and website?
> 
> Mun


3 minecraft servers (2 mine, 1 is a friends), as for the website its under construction. The website isn't the target, its the servers we run that is (Call of duty-like server in minecraft and warz/dayz server).


----------



## Ishaq (Jun 2, 2013)

Romania or Switzerland are your best bets for EU protection.


----------



## Jack (Jun 2, 2013)

Switzerland isn't that good @lshaq it's just Solar Commutations which has a big reseller and costs big


----------



## rds100 (Jun 2, 2013)

If you can really get 64Gbps protection for 200EUR/month - get it. That's CHEAP.


----------



## netnub (Jun 2, 2013)

Jack said:


> Switzerland isn't that good @lshaq it's just Solar Commutations which has a big reseller and costs big


----------



## netnub (Jun 2, 2013)

For the record, I need EU, not US.


----------



## drmike (Jun 2, 2013)

That's a ton of bad traffic and a ton of cost.

I don't think your pockets are deep enough to afford 64Gb/s if protection.  Hell the cost of that bandwidth alone is a small fortune per month.

How about dividing this up to reduce target attractiveness and have more manageable numbers to work with?


----------



## Francisco (Jun 2, 2013)

Is voxility still mass nullrouted by cogent?

Francisco


----------



## netnub (Jun 2, 2013)

Francisco said:


> Is voxility still mass nullrouted by cogent?
> 
> 
> Francisco


Not sure, pretty sure they aren't.


----------



## Jack (Jun 2, 2013)

Francisco said:


> Is voxility still mass nullrouted by cogent?
> 
> 
> Francisco




Doesn't look like they are.


----------



## Jack (Jun 2, 2013)

netnub said:


> Not sure, pretty sure they aren't.


They were at one point as I remember trying to access a site on vox's network, I thought it was my ISP at fault as the trace went to Cogent and stopped so I thought that my ISP was having issues with Cogent turns out that Cogent just dropped the /20 that the site I tried to visit was in due to an abusive client on a single /32 in the /20, clearly vox allow that type of client to stay and don't act upon reports from even the upstream providers.


----------



## Ishaq (Jun 2, 2013)

Vox ignore everything.

They take the 'whatever' approach.


----------



## netnub (Jun 2, 2013)

I might just go with vox for the ddos protection and run a proxy through it, any ideas on getting reverse proxy for non-web services?


----------



## Jack (Jun 2, 2013)

netnub said:


> I might just go with vox for the ddos protection and run a proxy through it, any ideas on getting reverse proxy for non-web services?


GRE

http://wiki.buyvm.net/doku.php/gre_tunnel


----------



## netnub (Jun 2, 2013)

Vox 500gb/s protection runs $232 per month.


Vox normal protection is free if the pipe is flooded by over 1gb/s (port speed)


----------



## Jack (Jun 2, 2013)

netnub said:


> Vox 500gb/s protection runs $232 per month.
> 
> 
> Vox normal protection is free if the pipe is flooded by over 1gb/s (port speed)


Vox is your best option to be honest, I'd just go with it.


----------



## netnub (Jun 2, 2013)

Jack said:


> Vox is your best option to be honest, I'd just go with it.


I just don't want to fork over $232 alone for protection since on their site they advertise 64gb/s for about $40.


----------



## LusoVPS (Jun 2, 2013)

64Gb? What kind of haters do you have there?


----------



## netnub (Jun 2, 2013)

LusoVPS said:


> 64Gb? What kind of haters do you have there?


Lots. Its easy to make haters running gameservers


----------



## HalfEatenPie (Jun 2, 2013)

LusoVPS said:


> 64Gb? What kind of haters do you have there?


 

Lots of little kids with credit cards probably


----------



## Marc M. (Jun 2, 2013)

*@**netnub*, we offer level 3 DDoS protection - that means that attacks are mitigated with hardware. It works great. I could set up for you a dedicated server in less than 24 hours - 1Gbit connection, minimum of 10TB/month and so on. Just send me a PM with the specs that you need.


----------



## Jack (Jun 2, 2013)

marcm said:


> *@netnub*, we offer level 3 DDoS protection - that means that attacks are mitigated with hardware. It works great. I could set up for you a dedicated server in less than 24 hours - 1Gbit connection, minimum of 10TB/month and so on. Just send me a PM with the specs that you need.


You're just using Securedservers though? I doubt they will filter much over a few gigs.


----------



## Marc M. (Jun 2, 2013)

Jack said:


> You're just using Securedservers though? I doubt they will filter much over a few gigs.


*@**Jack*, nice one, however how would you know how much they filter or why would you assume that there is a limit? I have a partnership with PhoenixNAP. SecuredServers is just one of their brands.


----------



## drmike (Jun 2, 2013)

Jack said:


> Doesn't look like they are.



Well, you should test Voxility from their network to Cogent.

Did this from Romania to a Cogent point in Europe (non UK).   Routing was all snafued, long tailed out of the way and handed off to several providers.   That was, oh 6+ months ago.

My understanding is the Cogent issue with Voxility has been going on for quite a while.  

Know the company I was testing things for saw the Cogent issues plus slow transfer rates to the US and pulled the plug on Voxility.


----------



## Marc M. (Jun 3, 2013)

*This is what we are using:*​​





@netnub sorry I missed the part where you said you needed this in Europe, and not the US. We do not currently offer any Europe locations.


----------



## Francisco (Jun 3, 2013)

marcm said:


> *This is what we are using:*​​


Do your own clients and Phoenix a huge favor and get written permission to bring a flood that big past to their network.

I had a client get an 18 gig flood at awknet (confirmed it via graphs off their core router) and Justin was livid. Justin specializes in filtering, Phoenix doesn't. Sure, their arbor setup can likely tank some OK sized floods but 10Gbit/sec+ is a whole different kind of beast.

Awknet might deal with it if your pockets are that deep.

Francisco


----------



## KuJoe (Jun 3, 2013)

Can I post pretty pictures?  Our VPS we host our websites on was loving all of the attention.  Also, <3 CNServers for not wanting to nullroute us even after we requested they do.


----------



## Jack (Jun 3, 2013)

KuJoe said:


> Can I post pretty pictures?  Our VPS we host our websites on was loving all of the attention.  Also, <3 CNServers for not wanting to nullroute us even after we requested they do.


Haha, I remember you posting that on twitter.


----------



## netnub (Jun 3, 2013)

Voxility won't give us protection anymore at the advertised rate of (EUR)25/mo, instead they want me to fork over $232 alone for protection. yeah.... no.


----------



## nunim (Jun 3, 2013)

netnub said:


> Voxility won't give us protection anymore at the advertised rate of (EUR)25/mo, instead they want me to fork over $232 alone for protection. yeah.... no.


You said your budget is 5k/monthly?  $232 for 10 Gbps+ DDOS protection seems extremely reasonable...


----------



## netnub (Jun 3, 2013)

nunim said:


> You said your budget is 5k/monthly?  $232 for 10 Gbps+ DDOS protection seems extremely reasonable...


Yes, I know, but I prefer cheaper options, thats why I am asking. If it comes down to it I'll have to use them.


----------



## Marc M. (Jun 3, 2013)

Francisco said:


> Sure, their arbor setup can likely tank some OK sized floods but 10Gbit/sec+ is a whole different kind of beast.


*@**Francisco* you're right, arguing about how big of an attack we can take would be about as stupid as it gets, because despite the fact that I have seen some very impressive attacks mitigated, in excess of what you pointed out, I think that discussing precise figures on an open forum would be ill advised.

*@**netnub* You might have missed *@**Francisco*'s hint, however this is were you need to be at: http://www.awknet.com/ - because *@**Francisco* is right, while we provide DDoS mitigation we do not provide filtering and that might come in handy if you are being constantly attacked.


----------



## Jack (Jun 3, 2013)

marcm said:


> *@Jack*, nice one, however how would you know how much they filter or why would you assume that there is a limit? I have a partnership with PhoenixNAP. SecuredServers is just one of their brands.


Because it's Phoenix, I'm pretty sure bandwidth there is pretty expensive?

What I don't understand is that the people like Blacklotus,CNServers,Awknet are all on the WEST Coast? Where bandwidth is quite expensive like I was quoted close to $25/TB there for Seattle and LA however if you move over to somewhere like NY you can get bandwidth from providers that do renting at like $5/TB?

Why are all the filtering providers on the west coast when it actually seems the east coast is much much cheaper to get bandwidth?

Same goes for 'DDoS Mitigation providers' Limestonenetworks will take 2-3G before a null is applied, Securedservers on the other hand not 100% sure on the limits but I'd guess a max of 10G?


----------



## netnub (Jun 3, 2013)

@marcm pm please? I'm interested in what you said.


----------



## TommehM (Jun 3, 2013)

Jack said:


> Switzerland isn't that good


Well, their flag is a big plus.


----------



## Marc M. (Jun 3, 2013)

netnub said:


> @marcm pm please? I'm interested in what you said.


*@**netnub* no need, just go to http://www.awknet.com/ and place your order ;-) Get you a pretty reasonably priced box with filtering from them.



Jack said:


> Because it's Phoenix, I'm pretty sure bandwidth there is pretty expensive?


*@**Jack* yep, they charge for it's weight in gold now ;-)



Jack said:


> Securedservers on the other hand not 100% sure on the limits but I'd guess a max of 10G?


*@**Jack* again, another yep, at an exactly 10.0Gbit/s attack they null route the IP. Not a nanobyte more. In fact they are so proficient now that they hired a leprechaun to teleport from node to node with a pair of cutting pliers and cut off the the connection if and when a DDoS hits at exactly 10.0Gbit/s and not a nanobyte more. Why bother with null routing when this is so much more efficient?


----------



## shovenose (Jun 3, 2013)

Jack said:


> Because it's Phoenix, I'm pretty sure bandwidth there is pretty expensive?
> 
> What I don't understand is that the people like Blacklotus,CNServers,Awknet are all on the WEST Coast? Where bandwidth is quite expensive like I was quoted close to $25/TB there for Seattle and LA however if you move over to somewhere like NY you can get bandwidth from providers that do renting at like $5/TB?
> 
> ...


That is an interesting point that (while this thread has nothing to do with me) doesn't make a lot of sense. Opening and running a datacenter here on the West coast is much, much more expensive than doing it in like Kansas City... If somebody could explain that this would be really awesome and helpful to not only me but others as well.

That said, even 10G is a helluva big attack. Back when we got attacked a DIgitalOcean the attack was not that many G's but they still nullrouted the server


----------



## netnub (Jun 3, 2013)

Too many bad reviews with awknet so no I won't go with them but I'm interested in what you stated.


----------



## Marc M. (Jun 3, 2013)

netnub said:


> Too many bad reviews with awknet so no I won't go with them but I'm interested in what you stated.


*@**netnub* where did you come across those bad reviews?


----------



## Jack (Jun 3, 2013)

marcm said:


> *@netnub* where did you come across those bad reviews?


Everywhere, netnub try CNServers much better value for money.


----------



## Jack (Jun 3, 2013)

netnub also you were on about EU Filtering?????

Marc is USA West coast, Awknet is USA West coast?


----------



## netnub (Jun 3, 2013)

marcm said:


> *@netnub* where did you come across those bad reviews?


Google awknet review...

"Horrible no support"


"Takes forever" etc


I got covered for my game servers I just need a provider who can give me a dedicated hardware firewall and machine that I can manage acls. Etc


----------



## Aldryic C'boas (Jun 3, 2013)

netnub said:


> Google awknet review...


Or ask any of the clients using our filtering that required ACLs from before we ditched Awknet and started using CNS.  Justin's punishing lack of urgency caused a great deal of headache for Anthony and I.


----------



## Reece-DM (Jun 3, 2013)

I'd say trying Voxility out for there 64Gb's DDOS protection.

I've recently been sent there latest offers for there upto 500Gb/s capacity, its not cheap to some but if they can take that much of a hit then I'd route some traffic through them.

Anybody ever thought those booters may be using them? In effect they'll be DDOS'in themselves


----------



## Aldryic C'boas (Jun 3, 2013)

Reece said:


> Anybody ever thought those booters may be using them? In effect they'll be DDOS'in themselves


I doubt the booters/master themselves are being hosted there... but it would not surprise me at all if many of the filtering providers knowingly/willingly provided service to the kids running the booters.  After all, it would give them a bit of immunity from that particular skid...


----------



## drmike (Jun 3, 2013)

I am perplexed also as to why the only DDoS protection services seem to be US West Coast  

Certainly CNServers, Awknet, etc. must realize there is demand for such elsewhere in the US?

Kansas City and Dallas are two rather large markets where someone could do quite well offering such services.


----------



## netnub (Jun 3, 2013)

so, any more providers?


----------



## Marc M. (Jun 3, 2013)

netnub said:


> so, any more providers?


*@**netnub* as far as I know Google is always a popular place to start. What is the reason why your server is a magnet for such big attacks anyway?


----------



## Reece-DM (Jun 3, 2013)




----------



## netnub (Jun 3, 2013)

marcm said:


> *@netnub* as far as I know Google is always a popular place to start. What is the reason why your server is a magnet for such big attacks anyway?


Fairly large gameservers


----------



## netnub (Jun 3, 2013)

Reece said:


> It wouldn't surprise me at all, lets be fair they must be making a few quid for there misery!


Most actually host in russia: 2x4.ru


----------



## Francisco (Jun 3, 2013)

netnub said:


> Google awknet review...
> 
> "Horrible no support"
> 
> ...


Awknet is...frustrating. When things work? They work pretty well. When they break? You're going to fall on deaf ears.

Justin used to complain that we didn't pay him enough for the filtering he provided us so we offered to gladly pay more, but we wanted tickets handled within 24 hours and some progress made on him improving his syn filtering. He came back to us saying if we wanted better support we better tack on at least 1 more zero to the price we were paying. He never actually gave a real answer to the question, I think he just wanted to see what we'd be willing to pay and he'd just custom price it up.

CNS has been good to us minus it taking almost 2 months to get BGP sessions working properly. We had the option of doing like @kujoe and just have CN announce our space but this put us in a position to not be able to apply our own ACL's easily. Support has been really fast for ACL's and adjustments.

We pay about the same at CN but have already offered to bump up our plan if we need it.

Francisco


----------



## Marc M. (Jun 3, 2013)

Francisco said:


> Awknet is...frustrating. When things work? They work pretty well. When they break? You're going to fall on deaf ears.


*@**Francisco* the only reason why I've said to @netnub to try Awknet was because you've mentioned them before, and I quickly checked their web site and it seems that DDoS is what they specialize in. Personally, I have no experience with them. However I value your expertise and respect your opinions and advice.


----------



## Francisco (Jun 3, 2013)

marcm said:


> @Francisco the only reason why I've said to @netnub to try Awknet was because you've mentioned them before, and I quickly checked their web site and it seems that DDoS is what they specialize in. Personally, I have no experience with them. However I value your expertise and respect your opinions and advice.


We used awknet for 9 - 10 months. Every month was like pulling teeth. For the longest time we had to do our own TCP filtering which was....ok. It worked most of the time but we didn't have the port size to tank super sized TCP floods.

Justin works hard and for UDP? you aren't going to get a better deal. I looked at his graphs earlier and he had someone eating a 20 gig flood for quite a few hours just in the past day or so.

Francisco


----------



## netnub (Jun 3, 2013)

Well, Awknet is ruled out, any others?


----------



## KuJoe (Jun 3, 2013)

Reece said:


> It wouldn't surprise me at all, lets be fair they must be making a few quid for there misery!


I know a lot of DDOS protection services do not allow people who have access to botnets on their network. We recently switched all of our DDOS Protection services to manual activation and we've cancelled a ton of accounts just for posting if "booter/stresser" threads on HF (thank god Omni placed a site-wide ban on these services now).


----------



## turfhosting (Jun 5, 2013)

Go with vox, they are awesome. $200 is really not alot for DDOS protection. Some companies charge thousands!

Anyways, goodluck.


----------

