05-14-2007, 03:20 AM
ladida
Confirmed User
 
Join Date: Nov 2005
Posts: 2,171
Quote:
Originally Posted by Phil21
#4. DDoS is hard, let's go shopping! For folks being DDoS'ed, throw your time estimates out the window. For most attacks, it's probably pretty trivial to filter and you'll either not even know you've been attacked, or be down for an hour or two until your host can put some filters in place. However, for the REAL attacks (e.g. multi-gigabit, millions of packets per second, non-spoofed traffic, etc.) don't expect much from almost all hosts out there. These attacks are EXPENSIVE to filter, no matter what anyone tells you. First the host needs the inbound capacity to begin with (routers that can actually handle 50 million packets per second are not cheap), and either some very expensive DDoS filtering equipment or a lot of spare hardware and some good experienced techs to deal with it. We've had customers under 4gbit+ attacks for over a month, where it took an entire rack of dual xeons to filter out the bad traffic. I feel bad for the clients, but this does not come cheap - someone has to pay for the equipment investment and the few gbit of bandwidth being burned.
Great post man. Reflectednet just got a plus in my book. However, on the other side, I very much doubt he's having issues of this kind, as getting a botnet of that size is not as easy as most people think, and to hire someone that operates a botnet of that size would be very expensive for that other person as well, actually a lot more expensive than it would be for him to buy DDoS protection equipment.
Most DDoS's that I've seen have been just a few rooted machines running programs that saturate traffic, sometimes trying to spoof it through socks (which also costs the person doing the DDoS, as these are special socks that can handle the bandwidth he's sending through them), or some other form of attack where they are flooding Apache with requests to the database, or flooding some application running on the server that makes Apache choke, or overloads the server.
__________________
agentGFY *at* gmail.com