by Matt3o12_ 2340 days ago
I’m curious, does anyone know what that means specifically? How can they differentiate normal traffic from malicious traffic? What exactly triggers it? Is a ping flood with a slow (50 Mbit) internet connection enough? I am aware that the details are most likely private to protect them from abuse and are also a trade secret, but I have a very hard time finding a general approach that might be similar to their solution.
4 comments

Most probably they have DDoS appliances (e.g. Arbor, Corero, etc.) installed in their network. One of the implementations is that they redirect all customer traffic to this appliance. The appliance then takes a sample of the traffic and matches it against their attack fingerprint database. If matched, they block the traffic. The good traffic they let go on to its final destination.
This is how we implemented it at an ISP I worked at before. All our peering routers sampled traffic using IPFIX and sent it to an Arbor collector for fingerprinting and analysis. If the collector detected malicious flows it would automatically send a BGP Flowspec message with the list of malicious flows to our peering routers. The BGP Flowspec message would cause our peering routers to redirect the matched traffic to an Arbor TMS server, which would scrub the DDoS traffic from the dirty traffic and send the cleaned traffic back to our routers to be routed normally to the end user. There are other ways to mitigate DDoS, but this is what ended up working best for us.
They have their own system (a friend worked on it). I don't know the details of the system though.
I don't know their solution exactly, but what usually happens is they look for common packet signatures. Most DDoSes aren't very sophisticated, and can be blocked with fairly simple rules.
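The sample-then-fingerprint-then-Flowspec loop from the ISP comment above, and the "common packet signatures, fairly simple rules" point from the comment just before this, can be sketched in a few dozen lines. The following is an added illustration, not code from Linode, Arbor, or any poster in this thread: the `Flow` records stand in for IPFIX exports (already scaled by the sampling rate), every threshold is an invented toy value, `SCRUBBER_RT` is a placeholder for whatever route-target points at a scrubbing VRF, and the three fingerprints (SYN flood, UDP reflection from well-known amplifier ports, ICMP flood) are the generic shapes such a rule set looks for. The constructed sample window also includes a single host pinging at about 50 Mbit/s, the case the original question asks about, which stays under the aggregate threshold.

```python
"""Toy version of the sample -> analyse -> BGP Flowspec loop described above.
Constructed example for illustration; not Arbor's, Linode's, or any ISP's code.
Flow records stand in for IPFIX exports, thresholds are invented, and the
'redirect' route-target is a placeholder for whatever VRF a scrubber sits in."""
from collections import defaultdict
from dataclasses import dataclass

WINDOW_SECONDS = 10              # length of the sampling window the records cover
SYN_PPS_THRESHOLD = 10_000       # toy thresholds, not production values
SYN_MIN_SOURCES = 100            # a SYN flood is spread over many sources
AMP_BPS_THRESHOLD = 50_000_000   # 50 Mbit/s of reflected UDP aimed at one victim
ICMP_PPS_THRESHOLD = 20_000
AMPLIFIER_PORTS = {123: "ntp", 53: "dns", 1900: "ssdp", 19: "chargen"}
SCRUBBER_RT = "redirect:65000:100"   # placeholder route-target for the scrubbing VRF


@dataclass(frozen=True)
class Flow:
    """One sampled flow record, already scaled up by the sampling rate."""
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    packets: int
    bytes: int
    tcp_flags: str = ""  # "S" = SYN only, "PA" = PSH+ACK, etc.


def flowspec_rule(dst, reason, **match):
    """Describe a Flowspec NLRI (RFC 8955-style match plus redirect action) as a dict."""
    rule = {"destination": f"{dst}/32", "action": SCRUBBER_RT, "reason": reason}
    rule.update(match)
    return rule


def detect(flows, window=WINDOW_SECONDS):
    """Group sampled flows per victim and emit one rule per matched fingerprint."""
    per_dst = defaultdict(list)
    for f in flows:
        per_dst[f.dst].append(f)

    rules = []
    for dst, fl in per_dst.items():
        # Fingerprint 1: SYN flood, i.e. high SYN-only pps from many distinct sources.
        syn = [f for f in fl if f.proto == "tcp" and f.tcp_flags == "S"]
        syn_pps = sum(f.packets for f in syn) / window
        if syn_pps > SYN_PPS_THRESHOLD and len({f.src for f in syn}) >= SYN_MIN_SOURCES:
            rules.append(flowspec_rule(dst, "syn-flood", protocol="tcp", tcp_flags="syn"))

        # Fingerprint 2: UDP reflection, i.e. replies from a known amplifier port at high bps.
        for port, name in AMPLIFIER_PORTS.items():
            amp_bits = sum(f.bytes for f in fl if f.proto == "udp" and f.sport == port) * 8
            if amp_bits / window > AMP_BPS_THRESHOLD:
                rules.append(flowspec_rule(dst, f"{name}-amplification",
                                           protocol="udp", source_port=port))

        # Fingerprint 3: ICMP flood, i.e. aggregate echo traffic above a pps threshold.
        icmp_pps = sum(f.packets for f in fl if f.proto == "icmp") / window
        if icmp_pps > ICMP_PPS_THRESHOLD:
            rules.append(flowspec_rule(dst, "icmp-flood", protocol="icmp"))
    return rules


def sample_flows():
    """Constructed records covering one 10 s window (RFC 5737 documentation addresses)."""
    legit = [Flow("198.51.100.250", "203.0.113.10", "tcp", 51000, 443, 300, 150_000, "PA"),
             Flow("198.51.100.251", "203.0.113.10", "tcp", 51001, 443, 120, 60_000, "PA")]
    # 200 sources each sending 2000 SYN-only packets: 40,000 pps at the victim.
    syn_flood = [Flow(f"198.51.100.{i}", "203.0.113.10", "tcp", 40000 + i, 80, 2000, 120_000, "S")
                 for i in range(1, 201)]
    # 50 NTP servers reflecting 2.4 MB each: about 96 Mbit/s of sport-123 UDP.
    ntp_amp = [Flow(f"192.0.2.{i}", "203.0.113.20", "udp", 123, 54321, 1700, 2_400_000)
               for i in range(1, 51)]
    # One host pinging at roughly 50 Mbit/s (about 4,200 pps of 1500-byte echoes):
    # the case from the top of the thread. It stays below the aggregate threshold.
    ping = [Flow("192.0.2.99", "203.0.113.30", "icmp", 0, 0, 42_000, 62_500_000)]
    return legit + syn_flood + ntp_amp + ping


if __name__ == "__main__":
    for rule in detect(sample_flows()):
        print(rule)
```

Run stand-alone it prints two rules, one redirecting TCP SYN traffic for 203.0.113.10 and one redirecting UDP with source port 123 for 203.0.113.20; the legitimate HTTPS flows and the lone 50 Mbit/s pinger produce nothing. A real collector works on the same skeleton but with baselines learned per prefix rather than fixed constants, which is why the thresholds above should be read as placeholders.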
Linode support is fantastic and we host some critical infrastructure with them for this reason and have been happy for years. DO has the managed DB however so we've been migrating some services to them. If Linode offers a managed DB I'll move everything back.
It's much more advanced than you think: custom ASICs etc.
Source?
Thanks