ddos

Differences

This shows you the differences between two versions of the page.

ddos [2013/11/12 08:45]
Francisco Dias [How much does it cost ?]
ddos [2016/05/08 02:24] (current)
Francisco Dias [What subnets does the the Layer 7 protection use?]
Line 9: Line 9:
 ===== How much does it cost ? ===== ===== How much does it cost ? =====
  
-Protected IP addresses cost $3.00/month per IP address in Las Vegas and $4.00/month per IP address in New Jersey.+Protected IP addresses cost $3.00/month per IP address in all locations we operate. 
 ===== How much filtering is provided? ===== ===== How much filtering is provided? =====
  
-We provide ​up to 2,​000,​000 ​packets-per-second of filtering ​for TCP based floods and 10Gbit/sec on UDP floods. ​+We provide ​over 140 million ​packets-per-second of filtering ​or over 100gbit/sec for volumetric ​floods.
  
 This amount of protection is **not** dedicated to you but is a pool all protected users share from in each location. This amount of protection is **not** dedicated to you but is a pool all protected users share from in each location.
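Review bot: The new capacity line ("over 140 million packets-per-second of filtering or over 100gbit/sec for volumetric floods") does not say whether the figure is per location or the total across all locations, while the unchanged sentence right after it says the pool is shared "in each location". State the scope next to the number. The wording also moved from "up to" to "over", which reads as a guaranteed floor rather than a ceiling; if the figure is peak capacity, keep "up to". The unit should be written Gbit/sec, as in the line being replaced.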
Line 18: Line 19:
 ===== What types of floods does it protect against? ===== ===== What types of floods does it protect against? =====
  
-Our filtering ​handles spoofed SYN floods, ACK floods, fragmented packet floods, & UDP floods with ease.+Here is an exhaustive list of floods that our filtering ​helps protect against:
  
-There is basic HTTP filtering that can help handle R-U-DEAD-YET? and slowloris floods. This type of protection isn't garanteed ​and is offered on a best effort basis. If you're suffering from an HTTP flood you can contact support and we'll do our best to add additional localized filtering as well as guide you on how to tune your webserver.+  * TCP SYN + ACK 
 +  * TCP FIN 
 +  * TCP RESET 
 +  * TCP ACK 
 +  * TCP ACK + PSH 
 +  * TCP Fragment 
 +  * TCP (SYN, etc.), ICMP, UDP Floods 
 +  * HTTP URL GET/POST Floods 
 +  * Malformed HTTP Header Attacks 
 +  * Slow-HTTP Request Attacks 
 +  * SYN Floods Against SSL Protocols 
 +  * Malfromed SSL Attacks 
 +  * SSL Renegotiation Attacks 
 +  * SSL Exhaustion (Single Source/​Distributed Source) 
 +  * DNS Cache Poising Attacks 
 +  * DNS Request Flood 
 +  * SIP Request Floods 
 +  * IGMP 
 +  * Brute Force 
 +  * Connection Flood 
 +  * Spoofing / Non-Spoofed 
 +  * Mixed SYN + UDP or ICMP + UDP flood 
 +  * Ping of Death 
 +  * Smurf 
 +  * Reflected ICMP and UDP 
 +  * Teardrop 
 +  * Botnets 
 +  * Blackenergy,​ Darkness, YoYoDDoS, etc 
 +  * Common DoS/DDoS Tools 
 +  * Slowloris/​Pyloris,​ Pucodex, Sockstress, ApacheKiller 
 +  * Voluntary Botnets 
 +  * HOIC, LOIC, Etc 
 +  * Application Attacks 
 +  * Zero-day DDoS attacks 
 +  * DDoS attacks targeting Apache, Windows, or OpenBSD vulnerabilities
  
-Please also be aware that our **Las Vegas** filtering is aimed at protecting **TCP** based services at this timeWhen UDP flood is targetted at your IP**all** UDP traffic will be temporarily **blocked** upstream to assist with the flood. This isn't an issue for most people but can cause issues for users running some Steam based games (TF2, CS, CS:S, etc) as well as VOIP applications (Ventrilo, Teamspeak, etc).+As well as many othersSome protection may require ​ticket to be enablednamely some of the HTTP layer 7 protection.
  
-Our **Buffalo** based filtering doesn'​t suffer from this.+In some cases we can get custom rules put in place to help, so be sure to let us know if you see a flood 
 +passing through.
  
 +===== What extra features do you include? =====
 +
 +You can configure your DDOS protection to your preferred mode within Stallion:
 +
 +{{:​ddos1.png?​400|}} {{:​ddos2.png?​400|}}
 +
 +In ''​sensing mode'',​ no filters/​blocks are put in place until a DDOS attack is detected. Be aware that this mode isn't perfect and leaks can happen. When a flood is detected, or if you use ''​always on''​ mode, the following ACL's are enforced:
 +
 +{{:​voxacl.png|}}
 +
 +These ACL's are for the most part set in stone. We can request for ports to be opened but there is no guarantee.
 +
 +===== What subnets does the the Layer 7 protection use? =====
 +
 +Layer 7 protection connections will come from the following subnets.
 +
 +
 +| 93.115.83.64/​26 |
 +| 93.115.90.64/​26 |
 +| 5.254.88.64/​26 |
 +| 5.254.110.0/​26 |
 +| 5.254.107.0/​26 |
 +| 5.254.115.128/​26 |
 +| 5.254.108.64/​26 |
 +
 +You'll need to configure your webserver to assign the users connecting IP from the ''​X_FORWARDING_FOR''​ field. In ''​NGINX''​ you'll want to use a setup like:
 +
 +<​code>​
 +
 +set_real_ip_from 93.115.83.64/​26;​
 +set_real_ip_from 93.115.90.64/​26;​
 +set_real_ip_from 5.254.88.64/​26;​
 +set_real_ip_from 5.254.110.0/​26;​
 +set_real_ip_from 5.254.107.0/​26;​
 +set_real_ip_from 5.254.115.129/​26;​
 +set_real_ip_from 5.254.108.64/​26;​
 +real_ip_header X-Forwarded-For;​
 +
 +</​code>​
 +
 +For Apache 2.2 you'll have to install [[https://​github.com/​gnif/​mod_rpaf|mod_rpaf]] to do this for you. 
 +
 +For Apache 2.4 you'll want to install ''​mod_remoteip''​. You'll want to configure ''​mod_remoteip''​ the following way:
 +
 +<​code>​
 +
 +RemoteIPHeader X-Real-IP
 +RemoteIPInternalProxy 93.115.83.64/​26
 +RemoteIPInternalProxy 93.115.90.64/​26
 +RemoteIPInternalProxy 5.254.88.64/​26
 +RemoteIPInternalProxy 5.254.110.0/​26
 +RemoteIPInternalProxy 5.254.107.0/​26
 +RemoteIPInternalProxy 5.254.115.129/​26
 +RemoteIPInternalProxy 5.254.108.64/​26
 +
 +</​code>​
 ===== Is there an SLA? ===== ===== Is there an SLA? =====
  
 Our filtering carries a 99.9% uptime SLA. Our filtering carries a 99.9% uptime SLA.
  
-This SLA does not cover users getting application layer floods ​or floods that far exceed the above specifications (read: Don't expect credit just because you got a 20gbit/sec+ flood). +This SLA does not cover users getting application layer floods.
 ===== Where can I order a DDOS protected IP address? ===== ===== Where can I order a DDOS protected IP address? =====
  
-While at checkout, or on the product upgrade page, simply enter how many protected IP addresses you want in the 'Aegis DDOS protection'​ field.+While at checkout, or on the product upgrade page, simply enter how many protected IP addresses you want in the 'DDOS protection'​ field.
  
 ===== How long do I have to wait to be activated? ===== ===== How long do I have to wait to be activated? =====
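Review bot: The real-IP instructions added in this hunk disagree about which header and which subnet the web server should trust. The prose names X_FORWARDING_FOR, the NGINX sample reads X-Forwarded-For, and the Apache 2.4 sample reads X-Real-IP; say which header the Layer 7 proxies actually set and use that one name in all three places. The subnet table lists 5.254.115.128/26, but both samples use 5.254.115.129/26, which is a host address inside that /26 rather than the network address, so copy the table value into the configs. These lines decide whose forwarded client address the server believes, so the trusted list in each sample should match the table exactly. Smaller points in the same hunk: the flood list is introduced as "exhaustive" but is followed by "As well as many others"; "Malfromed" and "Poising" are misspelled; the new heading has "the the"; and the SLA sentence no longer excludes floods above the stated capacity, which is worth confirming as intended.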
Line 50: Line 141:
 ===== What services will you not protect? ===== ===== What services will you not protect? =====
  
-At this time the only ban in place is against **camfrog**. Past this please consult ​our [[https://​my.frantech.ca/​tos.php|Terms of Service]] and [[https://​my.frantech.ca/​aup.php|Acceptable Use Policy]].+Please abide by our  
 +[[https://​my.frantech.ca/​tos.php|Terms of Service]] and [[https://​my.frantech.ca/​aup.php|Acceptable Use Policy]] ​for a list of applications allowed on our network.  
 + 
 +TL;DR Camfrog is fine.
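Review bot: The new answer under "What services will you not protect?" no longer names any excluded service. The removed line said the only ban was against camfrog, and the replacement ends with "TL;DR Camfrog is fine", so a policy reversal is carried by a throwaway line. State the change explicitly (for example, that there are currently no service-specific bans beyond the Terms of Service and Acceptable Use Policy). The phrase "for a list of applications allowed on our network" should also be reworded unless those documents really contain an allow list.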
ddos.1384274751.txt.gz · Last modified: 2013/11/12 08:45 by Francisco Dias