TNCclubman
Well-known member
I cant stand people that do this. I went through a rough 2 years of DOS attacks and have reached a point that I dont want to type out what I want to do to people that do this.
There comes a time when a trying to fight an attack at the server level isn't enough. mod_security and mod_evasive are relatively old protection schemes and easily defeated. It sounds as if Kier has moved to a hardware based solution. It makes one appreciate what security firms like Cisco like do.The server admin can set limits within the software firewall I believe, I am not a server administrator, so you would have to ask Kier.
Incorrect.Information garnered by how and when the DDOS takes place, I imagine, would allow for a goal to be reached in combating said problems.
The programmer who wrote this firewall runs data centers, so I guess he may know what he is doing.
The pipe was fine, there was less than a percentage point of the available bandwidth occupied by the flood. The problem was the 100Mb NIC in this server.a hardware-based solution is not the most effective way to mitigate. The best way to mitigate DDoS is to have more bandwidth available than the attackers can muster.
And all due respect to KD and Co., but a hardware-based solution is not the most effective way to mitigate. The best way to mitigate DDoS is to have more bandwidth available than the attackers can muster. There are a few companies that provide that kid of service - Staminus, Prolexic, etc. They provide a pipe that can't be overwhelmed by a DDoS. It's seamless, awesome and expensive.
I realize that it's hard to fathom from where you sit, but there are actually companies that bring in millions and millions of dollars a year hosting lots and lots of web sites. Those companies get DDoSed very frequently. When you have thousands of customers, one of them is always bound to be pissing off somebody somewhere, ya dig? To a company like that, with a large customer base to protect, a few thousand dollars a month is cheap insurance.Prolexic is 16k upfront and 8k/mo; quite the joke unless you're the Church of Scientology. Then it makes sense.
While this is partially correct, most small to mid sized tech firms do not have access to more bandwidth. It's not like we can call up a tier 1 provider and ask them to throw an extra 100mb of pipe our way for $100 a month. And regardless of how big your pipe is, you still have to have a setup that can deal with the traffic. By creating a larger avenue for attack packets, you're creating more work for your firewall, be it hardware or software based. Somewhere along the way you have to mitigate the attack method and deny send/receive.And all due respect to KD and Co., but a hardware-based solution is not the most effective way to mitigate. The best way to mitigate DDoS is to have more bandwidth available than the attackers can muster. There are a few companies that provide that kid of service - Staminus, Prolexic, etc. They provide a pipe that can't be overwhelmed by a DDoS. It's seamless, awesome and expensive.
Fighting DDoS attacks isn't done by adding more resources, but discovering a way to stop connectivity in the first place. If the attacker can clog up a 100mb NIC, there's a good chance he can clog up a 1gb NIC too.So you need a bigger Network Interface card or Monster server then ?
I realize that it's hard to fathom from where you sit, but there are actually companies that bring in millions and millions of dollars a year hosting lots and lots of web sites. Those companies get DDoSed very frequently. When you have thousands of customers, one of them is always bound to be pissing off somebody somewhere, ya dig? To a company like that, with a large customer base to protect, a few thousand dollars a month is cheap insurance.
People are very sensitive about their web sites (and even more sensitive about their email), so if they go down for, oh, a few hours let's say, large numbers of those sensitive people tend to run away from you as quickly as they can and pay their money to some other host. That's no good. When they do that there's no money for my bonuses, and I need those bonuses to make the payments on my yacht, ya dig?
So the setup fee at a DDoS mitigation joint might be more money than a lot of you see in a year, but there's a big wide world out there with lots and lots of money in it. You may have to expand your imagination to comprehend it, but mental exercise is good for you. Try it sometime.
The best way to mitigate DDoS is to have more bandwidth available than the attackers can muster. There are a few companies that provide that kid of service - Staminus, Prolexic, etc. They provide a pipe that can't be overwhelmed by a DDoS. It's seamless, awesome and expensive.
We use essential cookies to make this site work, and optional cookies to enhance your experience.