This actually isn't correct. While Seattle's total capacity if 40Gbps we can generally handle much more due to ACL's and upstream filtering.rd1981 wrote:You could try requesting a second ip that isnt getting targeted and use that for the time being nfo ddos ability is limited they can only handle upto 40Gbps in seattle the other locations are less.
DDos attack null route.
- kraze
- Former staff
- Posts: 4362
- https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
- Joined: Fri Sep 17, 2010 9:06 am
- Location: California
Re: DDos attack null route.
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
Re: DDos attack null route.
Yes, and the fact that the attacker is rewarded is one reason why we really, really, really don't like null-routes and consider them an absolute last-resort measure. Only applied when the entire location is impacted as an emergency measure, always carefully reviewed for accuracy, always followed-up by appropriate further mitigation steps whenever possible. The article that I wrote talks more about this.rd1981 wrote:I would like to add that null routing the servers ips for 8 to 16 hours successfully achieves the goal intended also and take the server down for hours.
Many other providers null-route at the drop of a hat for even small attacks, and don't try filters or other DDoS mitigation measures. That has never been our policy. We don't call ourselves a DDoS mitigation host, but we have put tremendous time and money into protecting our customers as much as possible, and we are well-known for it.
Re: DDos attack null route.
Spending this much money on firewall / filters that doesn't have any effect on large ddos attacks like these is unfortunate.
I get targeted and null routed everyday.
I get targeted and null routed everyday.
Re: DDos attack null route.
Only? You're gonna be hard pressed to find another host that offers what NFO does in terms of DDoS protection without them being a host marked for DDoS mitigation and charging a hefty price for it.rd1981 wrote:You could try requesting a second ip that isnt getting targeted and use that for the time being nfo ddos ability is limited they can only handle upto 40Gbps in seattle the other locations are less.
Re: DDos attack null route.
Our firewalls are highly effective, actually. You may not realize this because we work so hard to neutralize the attacks, with so many that we block not noticed by anyone and others just having a small footnote in the control panel, but we block hundreds of attacks per day, large and small.preben wrote:Spending this much money on firewall / filters that doesn't have any effect on large ddos attacks like these is unfortunate.
Attacks are always magnified over the holidays when bored, unsupervised kids are working full-time to compromise more machines and launch larger and larger ones. Witness that even the "big guys" -- Sony and Microsoft, with a lot more money at stake and a lot more to apply to the problem -- can't take them right now. As always, I've been working straight through my holidays helping customers like you, trying to stop the unusually large attacks that you're attracting.
Re: DDos attack null route.
How bout you approach this from a different angle.
Why are you being targeted? Do you know by who? Is it the game itself that attracts the attacks? The popularity of your server? A pissed off ex member?
If you know who or why perhaps you can reason with them to get them to stop.
I would suggest the following. Remove your game server from gametracker and create your own banner. Your servers integrity and being online is more important than ranking. The reality is you will probably receive less than 1% of your servers traffic from gametracker. However it is a very easy way for attackers to find someone to go after. Get rid of it. I only keep a handful of our servers on GT, more for SEO purposes than anything. I have created our own server banners, with the info needed for advertising.
Something like this...
Just a thought.
If you wish to use it.
Why are you being targeted? Do you know by who? Is it the game itself that attracts the attacks? The popularity of your server? A pissed off ex member?
If you know who or why perhaps you can reason with them to get them to stop.
I would suggest the following. Remove your game server from gametracker and create your own banner. Your servers integrity and being online is more important than ranking. The reality is you will probably receive less than 1% of your servers traffic from gametracker. However it is a very easy way for attackers to find someone to go after. Get rid of it. I only keep a handful of our servers on GT, more for SEO purposes than anything. I have created our own server banners, with the info needed for advertising.
Something like this...
Just a thought.
Code: Select all
[img]http://www.tkcdl.com/lgsl/lgsl_files/lgsl_image.php?s=39[/img]
Re: DDos attack null route.
I realize that you do not mean to attract them and I don't see them as being your fault.
-
- This is my homepage
- Posts: 201
- Joined: Wed Feb 19, 2014 6:07 pm
- Location: Dallas, TX
Re: DDos attack null route.
You could try switching to another location that has a bigger network capacity and can handle larger attacks. Seeing that your servers hosted in New York, you could switch over to Chicago its pretty close and the only people that would see any ping difference would most likely be overseas players.
-
- This is my homepage
- Posts: 1573
- Joined: Sun Jun 26, 2011 8:03 am
Re: DDos attack null route.
Chicago has the same nightly thing. Won't fix anything.
Visit gspreviews.com And Rate & Review Your Old & Current GSP's
Find Your GSP Coupons at gspreviews.com/coupons/
Find Your GSP Coupons at gspreviews.com/coupons/
-
- This is my homepage
- Posts: 201
- Joined: Wed Feb 19, 2014 6:07 pm
- Location: Dallas, TX
Re: DDos attack null route.
Well Chicago is has 10 more GB/s and as kraze said "we can generally handle much more due to ACL's and upstream filtering." He would have better protection against DDoS attacks in Chicago.
-
- This is my homepage
- Posts: 1573
- Joined: Sun Jun 26, 2011 8:03 am
Re: DDos attack null route.
Well I Know ours in Chicago is bad enough on our TS3 that we for the most part can't use it and everyone gets off and goes to other clan TS3 servers that we have permission to use. The choppiness in the past week or more has been horrible. But it only seems to last an hour or so, but it's at the time the everyone is on in the evening.
Visit gspreviews.com And Rate & Review Your Old & Current GSP's
Find Your GSP Coupons at gspreviews.com/coupons/
Find Your GSP Coupons at gspreviews.com/coupons/
Re: DDos attack null route.
Quite honestly, it has been my experience that Chicago area, regardless of the GSP, is one of the most attacked/tagrgeted locations there are. Not sure why, but it seems most attacks are always there. IMO if you want to be central NA, youre better off going with the Dallas datacenter. Still central and seems to get less attacks. For me I go with Atlanta, because it seems to fly under the radar, still gives a great ping for anyone in NA, and our EU players get a most playable game as well. And since I am in Florida and pay for the box, well you know....
@MP If you need some TS3 space, let me know. We have 500 slots and I have all bandwdth codecs maxxed out. I can put a private channel on there for you to use and set you up with admin privileges.
ts3.thekillingcrew.com if you want to test it out. Won't help with your gaming issues though.
@MP If you need some TS3 space, let me know. We have 500 slots and I have all bandwdth codecs maxxed out. I can put a private channel on there for you to use and set you up with admin privileges.
ts3.thekillingcrew.com if you want to test it out. Won't help with your gaming issues though.
-
- This is my homepage
- Posts: 201
- Joined: Wed Feb 19, 2014 6:07 pm
- Location: Dallas, TX
Re: DDos attack null route.
It's not that Chicago is targeted, its just that the majority of communities host there servers in Chicago because its in the center and everyone around the US gets good ping to it.