Hi

I am already having a server from you via 3 rd party.

I am realy happy with you service .

My server went OFFLINE for atleast 20 times till now due to DDOS.
[ I am lucky to get back the server on with in 2-3 hours in each and everytime.. Thanks to Burst ].

Now I am planning for one more server ..this time a fully managed server directly from BURST/NOCSTER.

Can you please tell me how can you save us from this type of DDOS problems.

I heared that if the server is connected with 10MBPS line ( or anything less then 100 MB ) then server will crash due to DDOS attack. I am not worried paying some more $$$. But dataloss will happen. So crash should be avoided.

How will you help us in this problem??

WRONG.....

If somebody does a DDOS attact against 1 box I don't care if you have an OC-192 line connected its goes down.

I had a server ( past ) running on a OC-192 network connection and when the box got hit, it crashed or ran super slow...

The best thing to do to avoid this is not allow SSH access, no IRC allowed and watch / ban anything you see funny.

Originally posted by RobM
WRONG.....

If somebody does a DDOS attact against 1 box I don't care if you have an OC-192 line connected its goes down.

BURST WILL CONNECT MY SERVER WITH WHATEVER NETWORK THEY HAVE. How can I decide and tell them not to connect with OC-192 line.


The best thing to do to avoid this is not allow SSH access, no IRC allowed and watch / ban anything you see funny.

I won't allow IRC.

Mostly I will run some 5-6 sites , mostly message boards in the new server. So there is no need of SSH to the client side. [ I am the only one accessing the server with root user id with ssh ].

What do you mean by : Ban anything you see funny.

BURST WILL CONNECT MY SERVER WITH WHATEVER NETWORK THEY HAVE. How can I decide and tell them not to connect with OC-192 line.


We all wish they had an OC-192 line. :D

See they have I think Gigabit/OC12 which is about 1000/622 mbps

Now an OC-192 can move tons more then what we all have now how about 10 Gbps.

See what I meant above was even though you have a big network, does not mean you cant get DDos Attacked.


What do you mean by : Ban anything you see funny.


If you see like attempts against your server from an IP or User block them.

See the Big 3

1. Block IPs attempting to hurt you.
2. Watch you server Logs
3. Watch server Server Load -

The last one is very important. If you box is running at .10 then jumps to .60 for a 5-10 minutes you can crash it.

My server went OFFLINE for atleast 20 times till now due to DDOS.
[ I am lucky to get back the server on with in 2-3 hours in each and everytime.. Thanks to Burst ].

Something just doesn't sound right there. 20 DDOS attacks against your server? Is your server getting attacked directly? Burst hasn't had too many DDOS issues lately, I couldn't picture one server getting hit that many times & still being on Burst's network. Are you sure it's not a software problem or something?

- Matt

Thats what I was thinking...

I mean the network is been running real nice and I can say 99.9 - 99.8 for past 3 months...

Well..

Sorry for exagarating things. I got DDOS attack atleast some 5-6 times for the past 4 months. Finally I came to know that BURST is the server provider for me and after that I am bit relaxed.
BurstNET is having some 10 years experience in this field so they can tackly this problem very easily.

Just 2 days before BurstNet got DDOS attack and I too noticed my server was down for 2 hours. I send a detail message to Burst Supprt saying that possibile IPs creating DDOS on my server and I got some what simple reply saying "hei.. If you doubt those IPs just ban those IPs from your web boards ".

I don't think this solves the matter.

I am worried about the next attack now.

Connection based DDoS attacks are different from other attacks. They can be server effecting and not network effecting.

In which case, the only things that can prevent it is:

1) A software firewall (50/50 shot, I do not suggest APF)

2) A transparent bridge firewall.

Both which we can provide for an extra fee.

PLEASE TELL THE PRICING.

I Need it.

PLEASE TELL THE PRICING.

I Need it.

Please contact sales to get more information regarding this. Then they can pass on all the information to you.

We first would need to take a look to see what kind of "attack" you're getting to determine if we can stop it with one of those solutions.

Doesn't really matter if we have fiber or not, as all servers are limited via hardware of the 100mbit cards and switches (especially reguarding the uplink). :)

Only thing with us having OC-12 would help with in a DDoS is allow their packets to come thru with no problems and saturate our network devices.

Our network devices are connected to high bandwidth connections, the servers are limited by the network device and network card they are using, which is physical limits. Servers do not have gigE cards in them :D So it is easy to bottleneck servers with a ton of packets since they are coming from a huge pipe to a smaller pipe.

Originally posted by BurstJay
Please contact sales to get more information regarding this. Then they can pass on all the information to you.

We first would need to take a look to see what kind of "attack" you're getting to determine if we can stop it with one of those solutions.

Done.
Call Id : 225058.

Waiting for the response from the sales + Technical.