DDOS Linode

Does Linode use any form of DDOS protection? I know OVH has some limited protection and I am comparing the two. Not that I have such an issue, but I like to think of it like a condom. It is better to have it and not need it; than need it and not have it.

Before anyone says, cloudflare, no, just no. Not really looking to pay for another service either.

6 Replies

We do not offer denial of service mitigation services.

  • Les

@akerl:

We do not offer denial of service mitigation services.

  • Les
    Well that sucks.

As previously mentioned, I have no DDOS issue. But with OVH they offer it as part of their service. So it is nice to know that if I ever did run into a problem; I would have something to help.

Thank you for answering my question.

I've been having problems where my IP address ends up on the blacklist of a company I work with because of their hosting service's DDoS software and it always takes several days to get it fixed because it isn't a temporary blacklist.

Sometimes preventative cures can cause more problems than they solve.

It is true that sometimes DoS mitigation on the router can sometimes be better, running DoS mitigation on your host firewall gives you a faster ability to modify things if false positives are causing a problem for legitimate users.

What I would like to see as a way to deal with DDoS is to be able to throttle my linode instead of having it totally null routed - so that peak bandwidth does not exceed the limit. I can, of course, do this myself for outgoing packets, and what my node accepts in the way of incoming packets (via iptables). However, this does not prevent a flood of incoming packets from clogging things up for other customers.

Instead of a null route, would it be possible to rate limit incoming packets for a machine undergoing DDoS?

Another step, where QoS is in place, would be to mark packets to/from the victim as "space available" - as far up the line as possible.

Inbound bandwidth at Linode is free, and by default you've got a 40 Gbps inbound pipe, and Lish will still work even if your linode is being DDoSed, so you should be able to manually mitigate small to medium sized attacks yourself. Not saying it's a replacement for mitigation services, just that when you've got a big pipe and aren't being billed for inbound, you can do more to handle DDoS attacks yourself than you could otherwise.

There are many external service which helps to prevent ddos like cloudflare, just try them

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct