DDoS - how is the problem mitigated elsewhere?

Hi all. I'm pretty new to this unmanaged server lark so be nice; I'm clueless! :D

I've read the discussions on here regarding Linode's 3 strike policy when dealing with DDoS attacks, and I agree with it; so no flaming please. I was just wondering; how do other hosting providers tend to tackle the problem? (DDoS protection providers aside). I want to move an ecommerce site over to Linode, but want to be sure that I am the only weak link in the chain.

11 Replies

@Matw:

I've read the discussions on here regarding Linode's 3 strike policy when dealing with DDoS attacks

And what policy would that be? I don't see anything in the TOS, FAQ or anything like that. Are you referring to people attacking you? Are you referring to attacking other sites from Linode?

Maybe policy was the wrong word to use. A search for DDoS returned discussions that implied a 3 strike approach was the general attitude towards dealing with clients that repeatedly receive such attacks.

No-one is attacking my servers; I'm only running a test site with Linode atm. Nor am I talking about Linode servers instigating attacks. I'm just interested in learning about the measures other hosting providers (and Linode if relevant) typically take to secure their network as best they can against DDoS intrusion.

The only effective remedy for a DDoS attack of sufficient severity that it impacts the hosting provider's network performance (and the one that is employed by Linode) is to have the target IP null routed by the upstream connectivity provider. This causes the hosting provider to expend time and money mitigating the attack, so if you are the target of more than one attack, you are likely to be asked to take your custom elsewhere. Linode's 'three strikes' is just a rule of thumb. With some other providers, if they have to null route your IP, your account dies with it.

So null routing is the only effective response to a DDoS attack? I imagined there would be a whole lot of precautions / responses that a hosting provider could use before such an expensive solution was needed…

I did specify "a DDoS attack of sufficient severity that it impacts the hosting provider's network performance". On an unmanaged hosting service, anything less is not their problem.

@Matw:

So null routing is the only effective response to a DDoS attack? I imagined there would be a whole lot of precautions / responses that a hosting provider could use before such an expensive solution was needed…

Well, "effective" is a spectrum and sort of depends on how you define it, but that's why DDoS attacks are so nasty. Most of their impact comes from the fact that they are tying up inbound bandwidth and/or resources on the target machine, so the damage is already done if the packets reach their target at all in the first place. The only absolutely guaranteed remedy is always upstream of wherever the most damaging choke point is.

If the DDoS is not saturating the inbound network path, but just bogging down an application on a single VPS, blocking it via local filters (so it gets dropped at the network layer before the app sees it) can be effective. Less so if the basic packet processing load is high enough to bog down the VPS even without the packet reaching an app. And that's something you can do yourself. Odds are decent that in such cases, neither Linode nor the data center might even notice unless the bandwidth usage was hurting other hosts.

The next level would be traffic sufficient to bog down the overall Linode host (not just your VPS), which might be able to be dealt with at the host level, but would need Linode's involvement.

But the moment the total traffic load begins to bog down network infrastructure itself, you have to attack it upstream, since otherwise it's already using the network capacity before any other point where it can be filtered.

– David
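Added example, not part of the thread or any poster's code: a sketch of the "local filters" tier described in the post above, for the case where the inbound path is not saturated and only an application on the VPS is bogged down. It finds sources exceeding a request rate in a log and emits nftables commands to drop them before the app sees the traffic; the log format, the thresholds and the `inet filter` table and `blocklist4`/`blocklist6` set names are assumptions.

```python
import ipaddress
from collections import defaultdict

def constructed_sample():
    """Constructed log lines: '<epoch-seconds> <source-ip> <path>'."""
    lines = [f"{1000 + i // 20} 203.0.113.7 /search" for i in range(120)]  # 20 req/s
    lines += [f"{1000 + i} 198.51.100.4 /" for i in range(6)]              # 1 req/s
    lines += ["1003 not-an-ip /", "truncated"]                             # malformed
    return lines

def noisy_sources(lines, window=5, max_requests=50):
    """Sources with more than max_requests hits inside any window-second span."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        try:
            ts, ip = int(parts[0]), ipaddress.ip_address(parts[1])
        except (IndexError, ValueError):
            continue  # skip malformed lines rather than guessing at them
        seen[ip].append(ts)
    offenders = []
    for ip, stamps in seen.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] >= window:  # slide the window forward
                start += 1
            if end - start + 1 > max_requests:
                offenders.append(ip)
                break
    return sorted(offenders, key=str)

def nft_commands(offenders, timeout="10m"):
    """nft commands adding each offender to a timed drop set.

    Assumed (hypothetical) ruleset, created once beforehand:
      nft add set inet filter blocklist4 '{ type ipv4_addr; flags timeout; }'
      nft add rule inet filter input ip saddr @blocklist4 drop
    (and the ipv6_addr / ip6 saddr equivalents for blocklist6).
    """
    return [
        f"nft add element inet filter blocklist{ip.version} '{{ {ip} timeout {timeout} }}'"
        for ip in offenders
    ]

if __name__ == "__main__":
    for cmd in nft_commands(noisy_sources(constructed_sample())):
        print(cmd)
```

The timeout on each set element lets entries expire on their own, so a source that was blocked by mistake is not dropped indefinitely.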

Cheers David, that makes things clearer. :D

I guess what I'm concerned about is how "unmanaged" Linode really is. My definition of unmanaged was that the box is entirely the client's responsibility, fair enough, but the network would be as managed as you would expect elsewhere. From what I've read on the forum there is an implication that Linode are more hands-off than most when it comes to network issues such as DDoS attacks. If I'm wrong, please say so, but it's that line of thinking that made me wonder what other hosts do, and therefore what I would be missing if I committed my business to Linode. I'm just trying to gather facts to make an informed business decision…

If the attack is large enough that we notice or customers are affected, you bet we'll be immediately involved. We actively monitor for network issues and are constantly upgrading and improving our network…

-Chris

@caker:

If the attack is large enough that we notice or customers are affected, you bet we'll be immediately involved. We actively monitor for network issues and are constantly upgrading and improving our network…

-Chris

My new technology from Dimension X will render your efforts useless.

Krang

Don't worry Krang, Bebop and Rocksteady will return with the equipment on schedule, you'll see!

Thread sabotage! Where are those Turtles when you need them! :P

Thanks Chris. It sounds like Linode are no different from any other host with respect to dealing with potential network issues, which is reassuring. So far I've really been impressed with the speed of my little 512 Linode, I just need to convince myself that I'm capable of securing it well enough for a production environment! :roll:
