DDos Protection from ISP

Forums › New Zealand Broadband › DDos Protection from ISP

1 | 2 | 3 | 4

freitasm

BDFL - Memuneh
80657 posts

Uber Geek
+1 received by user: 41067

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1165759 31-Oct-2014 12:11

zaptor:
freitasm: You're completely missing the point or trying to create something that doesn't exist.

DDoS are not testing tools. It will affect networks as it goes through.

AFAIK these DDoS services exist under the (false?) guise that they provide a legitimate service. Well, that seems to be the rationale anyhow.

These are legal like those Russian-based websites selling mp3 are legal... In other words NO, they aren't.

some people buy mp3 on Russian sites and say "I paid for it, so it must be legal", not thinking they are handing out their credit card details to a bunch of pirates. Paying for something doesn't make it legal.

DDoS services are not legal.

zaptor:
plambrechtsen: If you are doing it as per your example on a local LAN then that's fine...

Agreed.

I believe that's what I was trying to clarify for you, since you said "DDoS of any type isn't legal".

Again you are confusing LOAD TESTING with DDOS. Different things. VERY different things.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

HawK89

75 posts

Master Geek
+1 received by user: 6

#1170345 6-Nov-2014 21:25

charsleysa:
I got told by Snap technical support that my connection received a DDoS attack and that it was affecting their network.

They also said that if I continued to receive DDoS attacks they would look into suspending or even cancelling my connection.

Ignore my previous post. They obviously changed the way they handle things now. I had this happen moments ago and I had to ring Snap! myself to find out that my connection was blacklisted because of an attack. The tech guy basically accused me of doing miscellaneous activities and causing this attack. Honestly, If I was the only user of this connection, the conversation would definitely have gone differently. I was offended by this and would of demanded for evidence.
Completely different from the last time I had a DoS attack which they blocked the incoming traffic and I was on my way to continue surfing.

mercutio

1392 posts

Uber Geek
+1 received by user: 134

#1170396 6-Nov-2014 22:53

usually with ddos attacks the target ip is blocked. that is normal behaviour. i'm surprised snap allow users to be ddos'ed multiple times a month without terminating them.

raytaylor

4076 posts

Uber Geek
+1 received by user: 1296

Trusted

#1170409 7-Nov-2014 00:08

zaptor: I don't think they're necessarily intended to disrupt ISP subnets, but, just enough to give someone (like a console gamer) an "edge" during online play.

I should probably clarify something.
When we advertise blocks of ip addresses to other ISP's, we do it in a minimum size of a /24 subnet. You can make each advertisement cover a smaller subnet, but it can affect the size of the global routing table so everyone tries to be polite and not advertise blocks smaller than /24's. Currently most ISP routers can get away with 2gb of ram but as the internet grows, the routing table grows too and so many high level routers will need to be upgraded.

BGP is used between routers to say "hey any packets of traffic destined for x.x.x.y can be sent to me, and I'll pass them on"
The router at the other end may also receive that message from another router somewhere else and will work out the fastest path to get to the source of the advertisement and send the packets along that route.

So if we want to stop advertising 192.168.1.45, we need to stop advertising 192.168.1.1-254 (or 192.168.1.X) but we can still advertise 192.168.2.x 192.168.3.x and so on

Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

mercutio

1392 posts

Uber Geek
+1 received by user: 134

#1170422 7-Nov-2014 02:52

raytaylor:
zaptor: I don't think they're necessarily intended to disrupt ISP subnets, but, just enough to give someone (like a console gamer) an "edge" during online play.

I should probably clarify something.
When we advertise blocks of ip addresses to other ISP's, we do it in a minimum size of a /24 subnet. You can make each advertisement cover a smaller subnet, but it can affect the size of the global routing table so everyone tries to be polite and not advertise blocks smaller than /24's. Currently most ISP routers can get away with 2gb of ram but as the internet grows, the routing table grows too and so many high level routers will need to be upgraded.

BGP is used between routers to say "hey any packets of traffic destined for x.x.x.y can be sent to me, and I'll pass them on"
The router at the other end may also receive that message from another router somewhere else and will work out the fastest path to get to the source of the advertisement and send the packets along that route.

So if we want to stop advertising 192.168.1.45, we need to stop advertising 192.168.1.1-254 (or 192.168.1.X) but we can still advertise 192.168.2.x 192.168.3.x and so on

You should ask your transit provider if they can provide community 666 black holing or such.

Also the routing table isn't growing very quickly at the moment, and 2GB isn't needed unless you have very inefficient software, even for multiple full tables.

Basically you send a /32 route to them tagged with community of <their asn>:666 and they'll block it as early as they can.

You can then feed netflow or sflow data to a computer, that then sees when there's is too many new connections, and alerts you when there are so you can take a look, or goes over another limit and just blocks. With residential users I'd vote for blocking early, and fast myself.

1 | 2 | 3 | 4