

Does upstream help against DDOS?




Posted by MattF, 08-30-2012, 08:36 AM
Let's say you purchase a 1gb commit on a 10gbps ethernet fibre connection, on a 95% percentile basis, with overages at X per mbit. That gives you a maximum of 1.5 days of burst. If someone manages a sustained DDOS attack for 1.5 days, or say 3x12hrs, then one can essentially sting a competitor with up to 9gbit overages.

Now let's say that this is a distributed DOS that you can't fight at application or TCP stack level. They are using simplistic flooding, i.e. raw socket just sending the first part of the TCP handshake, but in large volumes: say each node is throwing out a continuous 3mbit stream of small packets that do nothing, 1000 participants in a botnet, and you have 3gbit incoming.

With regards to preventing overage charges, how would you handle this? Is there anything one can do other than absorb the traffic and try to filter out the DDOS once on your network?

If someone says any of the following, then you've misunderstood the problem, so please refrain from fluff posting.
- add XYZ to sysctl.conf
- install CSF, APF, etc.
- install a hardware firewall in front of server

Posted by Steven, 08-30-2012, 08:01 PM
Typically, if you go over your BW allocation, you're paying for it. Not really any way around it. MattF, I suggest you have a chat with Jeff from Blacklotus. He probably has some input on ways to handle this that he could help you with.

Posted by ddosguru, 08-30-2012, 08:03 PM
DDoS mitigation services have special contracts with the carrier which explicitly exclude billing for ingress bandwidth.

Posted by MattF, 08-30-2012, 10:58 PM
That makes sense. I just noticed AWS incoming bandwidth is free, as is Rackspace CloudServer and Softlayer. But I presumed that's because with their volumes the aggregate outgoing dwarfs incoming even in the times of multiple flood-style DDOS attacks and they just get billed for the larger. So a small/medium DDOS hosting player with say a 1gb commit on a 10gb connection can often have the 95% of incoming over a month at a greater point than the 95% of outgoing and still get billed for the lower of the two rates (the outgoing) only?
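
Added example, not part of any post in this thread: a small model of 95th-percentile billing for estimating overage exposure under the two contract styles discussed above (billing on the higher of inbound/outbound versus outbound only). It assumes 5-minute samples over a 30-day month and constructed baseline rates; the function names and the `max`/`egress` mode labels are hypothetical.

```python
SAMPLE_MIN = 5                                   # assumed sampling interval (minutes)
SAMPLES_PER_MONTH = 30 * 24 * 60 // SAMPLE_MIN   # 8640 samples in a 30-day month


def p95(samples):
    """Sort the samples, discard the top 5%, return the highest one remaining."""
    ordered = sorted(samples)
    # Integer ceil(0.95 * n) avoids floating-point rounding at the boundary.
    idx = (95 * len(ordered) + 99) // 100 - 1
    return ordered[idx]


def month_samples(baseline_mbps, flood_mbps=0, flood_hours=0):
    """Constructed month: flat baseline with one flood window added on top."""
    n_flood = int(flood_hours * 60 / SAMPLE_MIN)
    return ([baseline_mbps + flood_mbps] * n_flood
            + [baseline_mbps] * (SAMPLES_PER_MONTH - n_flood))


def billable_mbps(inbound, outbound, mode):
    """'max' bills the higher of the in/out 95th percentiles; 'egress' bills outbound only."""
    if mode == "max":
        return max(p95(inbound), p95(outbound))
    if mode == "egress":
        return p95(outbound)
    raise ValueError(f"unknown billing mode: {mode}")


def overage_mbps(billable, commit_mbps):
    """Mbit/s billed above the commit (zero when under it)."""
    return max(0, billable - commit_mbps)


if __name__ == "__main__":
    COMMIT = 1000                      # 1 Gbit/s commit, as in the thread
    outbound = month_samples(600)      # constructed: 600 Mbit/s steady egress
    # Simplification: the inbound flood is assumed not to change outbound traffic.
    for hours in (36, 37):
        inbound = month_samples(100, flood_mbps=3000, flood_hours=hours)
        for mode in ("max", "egress"):
            bill = billable_mbps(inbound, outbound, mode)
            print(f"{hours}h flood, {mode:>6}: billable {bill} Mbit/s, "
                  f"overage {overage_mbps(bill, COMMIT)} Mbit/s")
```
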


