[TacticalCoder]

I take it at one point people will start to believe that I work for OVH (I really don't) but... OVH has a mandatory DDoS protection on all its dedicated servers: fees have been slightly raised to take that mandatory protection into account.

There are a few gotchas, including if I understand it correctly the need to "retry twice" when you try to SSH in your server when a DDoS is going on but...

OVH doesn't even feel a 85 Gbps attack (let alone a 20 Gbps one like in the article). They can deal with attack much larger than that automatically.

They seem to have very good DDoS protection against the "flood" type of DDoS. And this is pretty much transparent to users.

I hope more and more hosting company start implementing similar anti-DDoS features: more competition would bring better protection against flood-type DDoS and cheaper price.

Here's the explanation as to how their system works (in french but there are several graphics):

http://www.ovh.com/fr/a1164.protection-anti-ddos-service-sta...

Basically as soon as a DDoS trying to saturate your server(s) is detected the attacker faces the problem of needing to DDoS... OVH itself.

And the DDoS doesn't even make it to your server while the legitimate trafic still does.

I find it great that there are people actually looking for solutions to the DDoS issue.

[grok2]

Products by people like Arbor Networks (http://www.arbornetworks.com/) helps with this -- I think they essentially observe traffic patterns and siphon what they detect to be DDoS traffic to alternate routers at the edge of the network to study and blackhole.

[pktgen]

OVH uses Peakflow as one component of its mitigation system.

[cordite]

I have a service on OVH myself.

Though a friend at another related service had been kicked from two VPS providers due to receiving a few DDoS attacks. These providers claimed it was against their Terms of Service and ejected him as a customer. That day he learned it is best to keep offsite-cross-company backups of everything, since he did not get a single byte from his machines.

[yardie]

Who are these providers that just delete client data? I run a small datacenter for our niche of clients and when the contract terminates or the project is finished I box up all their data and fire it off to S3.

Storage is so cheap these days there is no excuse not to keep client data for at least a month.

[yogo]

Claiming it was against the terms might be an easy out for them but is silly since being a target is outside of your control, for the most part. Hosts will usually null route customers without sympathy to protect other customers so it's the price of doing business.

[kalleboo]

It makes a DDoS an even better extortion. "Pay up or we'll get you kicked from your hosting provider."

[alxndr]

"...and potentially lose all of your data, if you haven't been planning ahead"

[lelandbatey]

Yes, I also have an OVH server, and I've gotten the email "You're getting DDOSed, we're handling it" (paraphrasing) about a half dozen times. Each time, it's a seamless transition.

I'm a big fan of OVH.

[snowwrestler]

IMO if your business depends in your site being up, DDOS protection should be mandatory. You should budget for it and have it on or ready to go on short notice.

It just shouldn't be a surprise anymore that DDOS's happen.

[derekp7]

What happens when a ddos is indistinguishable from regular traffic? Or is it the case that it almost always follows a particular pattern?

[pktgen]

It's always a matter of capacity. If there is absolutely no attribute you can distinguish it by, you have no choice but to handle it like normal.

In practice, there is. If we're talking about an HTTP flood, the other endpoint address is always validated (due to the 3-way handshake) so it's plausible to rate limit and block individual addresses. (But without validated client addresses, the rule is to NEVER create state off those, because spoofing is too easy.)