DDoS - Are you protected?

SenseiSteve

HD Moderator
Staff member
In web hosting, ensuring that your servers and websites are protected from DDoS attacks is critically important as attacks by cybercriminals continue to increase in both scope and volume. An alarming number of web hosting providers still lack adequate DDoS protection services, so it’s incumbent on you to ask what protection they do provide.

If you’ve purchased DDoS protection from your web hosting provider, do you know what levels of network, application or protocol layers it protects you from? When they filter attacks, will they allow legitimate traffic to pass through unhindered?

What questions should a prospect ask to ensure they'll be protected from DDoS attacks?
 
My first online business was providing TeamSpeak servers back in 2012. I used several DDoS protection providers and none of them were able to protect efficiently against attacks targeting it. I lost several clients at first because I was advertising as DDoS protected TeamSpeak servers. The DDoS protection providers are not always telling me the truth; sometimes you think that you are protected, but in fact you are not.

This is different for web servers, which are easier to protect because it's TCP packets, not UDP packets as it is for voice communications. The OVH datacenter has really good DDoS protection for web servers.
 
We only suffered one HUGE DDoS attack in the years I ran things. And it was big and unexpected. I don't remember the size, but it was in the several hundred MB/s range. Most hosts were running with 1MB/s-10MB/s switches. It was the late 90s, early 2000s, and bandwidth then is completely different than bandwidth today :) Nothing like Amazon holding off a multi-terabyte attack in 2020 :)

It targeted a set of IP numbers, so we were able to head that off at the datacenter level, but even their system struggled to keep up with the request and they had to go to their provider to NULL ROUTE the IP number so they didn't have to process it. The inbound attack affected ALL users in the datacenter, not just us.

As far as questions to ask, it's tough, as so many haven't dealt with a big attack. Knowing what the bandwidth of the datacenter can handle, then the route to your cage, switches and servers will help gauge estimates, but really it's about response time and how quickly the center will act to resolve things. How do they monitor it, and what are the actions they take when they see something weird happening?
 
We use OVH's cloud, and OVH provides each IP with either Automatic or Permanent Mitigation. (Mitigation does increase latency a few milliseconds.) Since they can absorb > 10Tbps, that should be enough for customers. And as our customers each have their own IPs, mitigation of one customer shouldn't affect others. Combined with CloudLinux, we'll often see a customer under attack, but rarely hear from the customer and have yet to hear from customers when another customer was under attack.
 