DDoS - how is the problem mitigated elsewhere?
I've read the discussions on here regarding Linode's 3 strike policy when dealing with DDoS attacks, and I agree with it, so no flaming please. I was just wondering: how do other hosting providers tend to tackle the problem (DDoS protection providers aside)? I want to move an ecommerce site over to Linode, but want to be sure that I am the only weak link in the chain.
11 Replies
@Matw:
I've read the discussions on here regarding Linode's 3 strike policy when dealing with DDoS attacks
And what policy would that be? I don't see anything in the TOS, FAQ or anything like that. Are you referring to people attacking you? Are you referring to attacking other sites from Linode?
No-one is attacking my servers; I'm only running a test site with Linode atm. Nor am I talking about Linode servers instigating attacks. I'm just interested in learning about the measures other hosting providers (and Linode if relevant) typically take to secure their network as best they can against DDoS intrusion.
@Matw:
So null routing is the only effective response to a DDoS attack? I imagined there would be a whole lot of precautions / responses that a hosting provider could use before such an expensive solution was needed…
Well, "effective" is a spectrum and sort of depends on how you define it, but that's why DDoS attacks are so nasty. Most of their impact comes from the fact that they are tying up inbound bandwidth and/or resources on the target machine, so the damage is already done if the packets reach their target at all in the first place. The only absolutely guaranteed remedy is always upstream of wherever the most damaging choke point is.
If the DDoS is not saturating the inbound network path, but just bogging down an application on a single VPS, blocking it via local filters (so it gets dropped at the network layer before the app sees it) can be effective. Less so if the basic packet processing load is high enough to bog down the VPS even without the packet reaching an app. And that's something you can do yourself. Odds are decent that in such cases, neither Linode nor the data center might even notice unless the bandwidth usage was hurting other hosts.
The next level would be traffic sufficient to bog down the overall Linode host (not just your VPS), which might be able to be dealt with at the host level, but would need Linode's involvement.
But the moment the total traffic load begins to bog down network infrastructure itself, you have to attack it upstream, since otherwise it's already using the network capacity before any other point where it can be filtered.
– David
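The local-filter case from the reply above, as an added example that is not part of the thread or any poster's code: it finds sources exceeding a request rate in a log and emits nftables drop rules for them. The log format, the threshold and window, and the `inet filter` / `input` table and chain names are assumptions; the sample log is constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample input: "<epoch seconds> <source address> <request>".
SAMPLE_LOG = "\n".join(
    [f"{1700000000 + i // 20} 203.0.113.7 GET /cart" for i in range(200)]
    + [f"{1700000000 + i} 198.51.100.20 GET /" for i in range(10)]
    + [f"{1700000003 + i // 30} 2001:db8::bad GET /login" for i in range(90)]
    + ["1700000004 not-an-ip;drop GET /", "truncated line"]
)

def heavy_sources(log_text, window=10, threshold=50, allow=()):
    """Return sources with more than `threshold` requests in any
    `window`-second bucket, skipping allowlisted addresses."""
    allowed = {ipaddress.ip_address(a) for a in allow}
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        try:
            # ip_address() rejects anything that is not a literal address,
            # so text from the log can never end up inside a firewall rule.
            ts, addr = int(parts[0]), ipaddress.ip_address(parts[1])
        except (IndexError, ValueError):
            continue  # malformed or truncated line
        if addr not in allowed:
            counts[(addr, ts // window)] += 1
    peak = Counter()
    for (addr, _bucket), n in counts.items():
        peak[addr] = max(peak[addr], n)
    # key=str because IPv4 and IPv6 objects do not compare with each other
    return sorted((a for a, n in peak.items() if n > threshold), key=str)

def nft_rules(addrs, table="inet filter", chain="input"):
    """Build nft commands (for `nft -f -`) that drop each source.
    Assumes the table and chain already exist on the host."""
    rules = []
    for a in addrs:
        family = "ip6" if a.version == 6 else "ip"
        rules.append(f"add rule {table} {chain} {family} saddr {a} drop")
    return rules

if __name__ == "__main__":
    # Keep your own admin address in `allow` so you cannot lock yourself out.
    for rule in nft_rules(heavy_sources(SAMPLE_LOG, allow=["198.51.100.20"])):
        print(rule)
```

As the reply notes, this only helps while the inbound path and the VPS's packet processing are not themselves saturated.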
I guess what I'm concerned about is how "unmanaged" Linode really is. My definition of unmanaged was that the box is entirely the client's responsibility, fair enough, but the network would be as managed as you would expect elsewhere. From what I've read on the forum there is an implication that Linode are more hands-off than most when it comes to network issues such as DDoS attacks. If I'm wrong, please say so, but it's that line of thinking that made me wonder what other hosts do, and therefore what I would be missing if I committed my business to Linode. I'm just trying to gather facts to make an informed business decision…
-Chris
@caker:
If the attack is large enough that we notice or customers are affected, you bet we'll be immediately involved. We actively monitor for network issues and are constantly upgrading and improving our network…
-Chris
My new technology from Dimension X will render your efforts useless.
Krang
Thanks Chris. It sounds like Linode are no different from any other host with respect to dealing with potential network issues, which is reassuring. So far I've really been impressed with the speed of my little 512 Linode, I just need to convince myself that I'm capable of securing it well enough for a production environment!