List of providers who offer DDoS protection.
- Thread starter MannDude
- Start date
Here at GreenHostBox, we offer 20Gbps DDoS protection to all of our shared/reseller/VPS services at no additional charge. It would be great if you can add us to the list!
Certainly: https://prnt.li/Network_-_DDoS_alerts_-_Online___Dedibox_-_Console_1A7592F4.png - Top one was IPv6 as well.
This attacks ranged from 2-30G UDP/TCP and were mitigated after around 2-3minute downtime (sometimes caused my IRC ZNC to timeout (~255 seconds), sometimes not)
This attacks ranged from 2-30G UDP/TCP and were mitigated after around 2-3minute downtime (sometimes caused my IRC ZNC to timeout (~255 seconds), sometimes not)
DomainBop
Dormant VPSB Pathogen
It works. The free protection is Sevi M6-NG and has a delay of a couple minutes before it kicks in. The paid protection (€20 Advanced or €70 Curative) is Arbor Peakflow TMS-4100 and doesn't have a delay and gives you more control over the filters.
drmike
100% Tier-1 Gogent
It would be nice to not only hear about the companies who offer filtering but see notifications, graphs, etc. they provide to end customer (where they actually do).
Gripe of mine so far as a customer of filtering is the black box approach where I haven't a clue of when, where or what happened. I understand prior purchases are eating down the food chain and all....
Gripe of mine so far as a customer of filtering is the black box approach where I haven't a clue of when, where or what happened. I understand prior purchases are eating down the food chain and all....
IPv6
We have the technical capability of doing IPv6 mitigation and three of our locations. We currently however do not offer it, we just don't have enough commit to offer it standalone with any serious volume - primarily due to the need for such filtering being so small. IPv6 is barely used both by clients, and by attackers. We enquired with one of our upstreams a while ago who protect a lot of IRC servers, we asked if they had ever seen IPv6 attacks, the answer was rarely - its been over a year since the last one.
Personally, we will keep working on the capability - we still need to upgrade and test a lot of more of our software to work with IPv6. We will aim to be ready before IPv6 attacks become mainstream, we have a timeline for that and honestly I think thats the best thing to be doing at the moment.
If you experience an IPv6 attack, remove IPv6 while it is occuring. Swapping around addresses could also help (hell, run a round robin of 100+ addresses and make it difficult to attack....). If someone has a legitimate problem with IPv6 attacks, you can contact us. We would be happy to try and help you out if we can.
Graphing
@drmike
While I must admit I like pretty things and to see the system working. I do know the difficulties costs involved in extracting the data for producing attack graphs. While it is possible in most cases to produce graphs, to produce them accurately usually produces extra load on systems, or requires additional hardware to measure flows. A lot of the time const cutting in order to meet the budgets of the desired audience can really impact this. There is usually a lot more to producing these graphs than just measuring the flow through the filters, most systems are able to send ACLs / rues to upstream routers to perform the heavy lifting (i.e a rule might be to drop fragmented UDP packets).
Now this is not to say we don't offer attack details where we can, but accurate graphs can be a challenge.
X4B.Net provides the following system data (currently)
Notifications:
Notification on Nullroute
Notification on Un-Nullroute
Planned Notification:
Notification on Network Level Mitigation start (some locations)
Notification on Software / Layer 7 Mitigation start (optional)
Data Available:
Software / Layer 7 mitigation state: As well as providing Layer7 mitigation this layer takes care of Layer 4 mitigation events < 80k PPS / 800mbps and cleans up network level mitigation significantly. Activation Times and Dates are provided for this location, type of attack is available if we can categorize the dynamic filter created into a named category (DNS Amp, SYN Flood etc). Layer 7 status is also available for most attack types (Wordpress, Joomla, GHP Food, Enhanced Mitigation etc).
Network Level Status: In some locations we can provide information, on the state of mitigation at the network level. This usually includes a table similar to the one provided for Software level mitigation events and in the case of Italy (and hopefully soon another location) a graph. We can also get attack details via ticket for the locations we dont currently have information on, if you have a reason to need it.
Our staff do have access to some data visualization (its actually a 100/s packet sample), customers do not yet have access to this - the lack of scale and fairly raw nature of the data makes it problematic to display without inducing support tickets (Why was I nullrouted when attack is as big as the previous one? etc).
We have the technical capability of doing IPv6 mitigation and three of our locations. We currently however do not offer it, we just don't have enough commit to offer it standalone with any serious volume - primarily due to the need for such filtering being so small. IPv6 is barely used both by clients, and by attackers. We enquired with one of our upstreams a while ago who protect a lot of IRC servers, we asked if they had ever seen IPv6 attacks, the answer was rarely - its been over a year since the last one.
Personally, we will keep working on the capability - we still need to upgrade and test a lot of more of our software to work with IPv6. We will aim to be ready before IPv6 attacks become mainstream, we have a timeline for that and honestly I think thats the best thing to be doing at the moment.
If you experience an IPv6 attack, remove IPv6 while it is occuring. Swapping around addresses could also help (hell, run a round robin of 100+ addresses and make it difficult to attack....). If someone has a legitimate problem with IPv6 attacks, you can contact us. We would be happy to try and help you out if we can.
Graphing
@drmike
While I must admit I like pretty things and to see the system working. I do know the difficulties costs involved in extracting the data for producing attack graphs. While it is possible in most cases to produce graphs, to produce them accurately usually produces extra load on systems, or requires additional hardware to measure flows. A lot of the time const cutting in order to meet the budgets of the desired audience can really impact this. There is usually a lot more to producing these graphs than just measuring the flow through the filters, most systems are able to send ACLs / rues to upstream routers to perform the heavy lifting (i.e a rule might be to drop fragmented UDP packets).
Now this is not to say we don't offer attack details where we can, but accurate graphs can be a challenge.
X4B.Net provides the following system data (currently)
Notifications:
Notification on Nullroute
Notification on Un-Nullroute
Planned Notification:
Notification on Network Level Mitigation start (some locations)
Notification on Software / Layer 7 Mitigation start (optional)
Data Available:
Software / Layer 7 mitigation state: As well as providing Layer7 mitigation this layer takes care of Layer 4 mitigation events < 80k PPS / 800mbps and cleans up network level mitigation significantly. Activation Times and Dates are provided for this location, type of attack is available if we can categorize the dynamic filter created into a named category (DNS Amp, SYN Flood etc). Layer 7 status is also available for most attack types (Wordpress, Joomla, GHP Food, Enhanced Mitigation etc).
Network Level Status: In some locations we can provide information, on the state of mitigation at the network level. This usually includes a table similar to the one provided for Software level mitigation events and in the case of Italy (and hopefully soon another location) a graph. We can also get attack details via ticket for the locations we dont currently have information on, if you have a reason to need it.
Our staff do have access to some data visualization (its actually a 100/s packet sample), customers do not yet have access to this - the lack of scale and fairly raw nature of the data makes it problematic to display without inducing support tickets (Why was I nullrouted when attack is as big as the previous one? etc).
Last edited by a moderator:
Could you add us to the list?
Thanks!
Thanks!
DDOS protection in Asia is expensive
Another provider you might want to add to this already good list of DDoS protection providers is Javapipe. They have been around for some time and I used them in the past when I needed more application specific DDoS filtering for a client (they are pretty good in customizing the filtering rules depending on attack/application).
We offer Arbor Pravail and F5 mixed DDos protection for our servers located in Russian Federation. Also in Switzerland. Unfortunately this service is not for free. Since the end of coming January,same scheme will apply to servers located in Sweden and Estonia aswell.
cough cough....
