Hacker News new | ask | show | jobs
by adrenalinup 4467 days ago
An Anti-DDoS protection ! That's a god-send ! I had a terrible experience recently with Digital-Ocean. A VPS of mine with a fresh launched project was knocked down with some basic ddos attack. The support nodded and pointed to use CloudFlare. My server was down and they didn't do anything, that really sucks, you can't use a VPS without a DDos protection for anything serious. It can go down anytime when some script-kiddie opens a hunder of sockets.

It's really sad that DDoS protection didn't become ubiquitous yet. It's unacceptable that you can get down a server, even VPS with not-so-much bandwidth. All VPS have limited number of sockets and resources and it's trivial to knock them down. Absence of a DDoS protection makes them extremely vulnerable.
1 comments
nwh 4467 days ago
What do you believe "DDoS protection" entails? You got referred to cloudflare, a free* reverse proxy is as good as it's going to get. I can't imagine being attacked like that is anything like the norm.
link
adrenalinup 4467 days ago
Cloudflare is only for HTTP and internet is more than just HTTP.

I had a irc server for my friends, one of not-so-friendly visitors told me that the server will get down, and it went down. I lost ping to my server, CPU & the bandwidth were all at 100%. The support told me that I should use another company. I went to a company that has DDoS protection http://www.online.net/

I find it unacceptable that you can be DDoSed so easily, it's like we're still in 90'.. DDoS protection should be something ubiquitous for small power servers like VPS, otherwise it's trivial to get them down.

link
nwh 4467 days ago
> I find it unacceptable that you can be DDoSed so easily, it's like we're still in 90'..

You can't stop resource exhaustion attacks no matter what you do. There's always someone with a bigger pipe. I'm still baffled that it's 2014 and I can't flush my gumboots down my toilet yet, shouldn't we have solved that already?

> I went to a company that has DDoS protection

What exactly does that entail, technically? Smells like snake oil to me.

link
larsmak 4467 days ago
OVH got a pretty good write-up on their blog[1], well worth a read. It looks as if their solution should be able to mitigate layer 3/4 attacks. From the blog: "Our surplus network has a capacity over 2 Tbps. We have three VAC in production, so we can manage up to 480 Gbps/480 Mpps." Cloud-flare took on the larges DDoS ever seen not to long ago, I think it peaked around 400Gbps.

1) http://www.ovh.com/us/blog/a1171.protection-anti-ddos-servic...

link
adrenalinup 4467 days ago
>There's always someone with a bigger pipe. I'm speaking here about a small size DDoS (<1GB/s) and not the CloudFlare 40GB/s flood.

>What exactly does that entail, technically? Smells like snake oil to me. At least the simple SYN flood and UDP flood. The atacker in question couldn't have anything sophisticated.

link