DDoS mitigation time

2016-03-02, 10:23 PM
Yes, huge network spikes; the packets coming in are all the same length, thousands of them. The bigger problem is this VAC system. The VAC system is shutting me down longer than the attacks. I may have to leave OVH and I just got here; I had less downtime because of the attacks before I moved here. The VAC system seems like it is blacklisting me for hours at a time. The attacks are 5 minutes, the OVH system is keeping me down for hours.

2016-03-02, 08:28 PM
Are you sure they are DDoS and not exploit DoS attacks?
Memory filling up sounds more like something else.
Are you seeing network spikes?

Darth Android
2016-03-02, 05:30 PM
That all depends upon what kind of attack it is and how your service is configured.

If it's an attack that OVH recognizes, then it's all automatic and you'll get an email when the mitigation kicks in and all your data gets routed through the firewalls/filters, and another email when it stops and OVH restores your data routing to normal. This is all pretty fast, it was within 5 minutes of the attack starting when my server took a hit.

However, many DDoS attacks can't be caught automatically, and you'll have to configure the anti-DDoS yourself. You'll want to switch your server to permanent mitigation mode, and then configure the firewall to block any ports/IPs that you *know* are malicious traffic (i.e., by reviewing packet captures). You have to keep tweaking the rules until you get the total volume of traffic hitting your server down to a manageable level (i.e., less than your allowed bandwidth capacity).

Once you've got the number of packets hitting your box down to a reasonable level, you need to further modify the firewall on your box (i.e., iptables for Linux) to limit connections per second or otherwise pick apart legitimate traffic from malicious traffic.

Generally speaking, I wouldn't expect OVH to do anything with your packet capture; that's on you, so "how long ... to get the attack mitigated" is usually dependent upon how fast you can figure out what is happening and how to block it. OVH just provides the infrastructure to do bulk filtering; it's up to you to configure it.
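The two steps above (review the capture, then turn what you find into firewall rules) and the "thousands of same-length packets" observation in the first reply can be worked through together. The script below is an added example and is not code from this thread or from OVH: it parses tcpdump-style text lines, flags sources whose one-second packet rate and packet-size uniformity look like a flood, and emits iptables rule strings (using the standard `hashlimit` and `length` matches) without applying anything. The capture lines are constructed (documentation IP ranges, port 27015 and the thresholds are assumptions), so it runs offline.

```python
"""Flood triage over a tcpdump text capture (added example, not from the thread)."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# tcpdump default text line, e.g.
# 12:00:00.000001 IP 203.0.113.10.40000 > 198.51.100.5.27015: UDP, length 1024
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}\.\d+) IP "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"(.*?)length (\d+)$"
)


@dataclass
class Packet:
    ts: float      # seconds since midnight
    src: str
    dport: int
    proto: str     # "udp", "tcp" or "other"
    length: int


def parse_capture(text):
    """Parse tcpdump lines; anything we do not understand (ARP, truncated) is skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        h, mi, s, src, _sport, _dst, dport, rest, length = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        proto = "udp" if rest.startswith("UDP") else "tcp" if "Flags" in rest else "other"
        packets.append(Packet(ts, src, int(dport), proto, int(length)))
    return packets


def find_floods(packets, pps_threshold=100, uniformity=0.9):
    """Return {src: stats} for sources whose peak one-second packet rate reaches
    pps_threshold and whose packet sizes are nearly all identical. Thresholds are
    assumptions; tune them against your own legitimate traffic first."""
    by_src = defaultdict(list)
    for p in packets:
        by_src[p.src].append(p)
    floods = {}
    for src, pkts in by_src.items():
        peak_pps = max(Counter(int(p.ts) for p in pkts).values())
        top_len, top_count = Counter(p.length for p in pkts).most_common(1)[0]
        share = top_count / len(pkts)
        if peak_pps >= pps_threshold and share >= uniformity:
            floods[src] = {
                "peak_pps": peak_pps,
                "length": top_len,
                "uniformity": round(share, 2),
                "proto": Counter(p.proto for p in pkts).most_common(1)[0][0],
                "dport": Counter(p.dport for p in pkts).most_common(1)[0][0],
            }
    return floods


def suggest_rules(floods, per_source_limit="50/sec"):
    """Turn flood stats into iptables rules as strings; nothing is executed here.
    First a drop for the confirmed source, then a size-keyed per-source rate limit
    that keeps working when the attacker rotates addresses."""
    rules = []
    for src, st in sorted(floods.items()):
        rules.append(
            f"iptables -A INPUT -s {src} -p {st['proto']} --dport {st['dport']} -j DROP"
        )
        generic = (
            f"iptables -A INPUT -p {st['proto']} --dport {st['dport']} "
            f"-m length --length {st['length']} "
            f"-m hashlimit --hashlimit-name flood{st['dport']} --hashlimit-mode srcip "
            f"--hashlimit-above {per_source_limit} -j DROP"
        )
        if generic not in rules:
            rules.append(generic)
    return rules


def build_sample():
    """Constructed capture: 300 identical-length UDP packets from one source within
    one second, plus a few ordinary client packets of varying size."""
    lines = []
    for i in range(300):
        lines.append(f"12:00:00.{i * 3000:06d} IP 203.0.113.10.{40000 + i % 50} "
                     f"> 198.51.100.5.27015: UDP, length 1024")
    for i in range(5):
        lines.append(f"12:00:0{i}.100000 IP 198.51.100.77.51234 "
                     f"> 198.51.100.5.27015: UDP, length {60 + i * 7}")
    lines.append("12:00:01.500000 IP 198.51.100.77.51234 > 198.51.100.5.22: "
                 "Flags [S], seq 1, win 65535, length 0")
    return "\n".join(lines)


if __name__ == "__main__":
    floods = find_floods(parse_capture(build_sample()))
    for src, st in floods.items():
        print(src, st)
    for rule in suggest_rules(floods):
        print(rule)
```

To run it against a real capture, feed the output of `tcpdump -nn -tt`-style text (the regex expects the default `HH:MM:SS.usec` timestamp, so plain `tcpdump -nn`) into `parse_capture` and review the printed rules before adding any of them; the per-source limit is the knob that separates a chatty legitimate client from a flood, and it should be set above the rate your real players generate.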

2016-03-01, 04:20 PM
I moved my server from my home private LAN because I was getting DDoS'd. I needed it hosted somewhere I could have better control of the outcome; an ISP will not do anything about it. So a few hours after it moved I got my first DDoS here. The server's resources quickly got exhausted, the Linux binaries for the game started shutting down, all 64 GB of RAM were used. I could see the spike in the window. So I am waiting on it to happen again so I can get a packet capture; 4 hours later and nothing has happened as far as the attack. Once I have the output in Linux from the capture, how long does it normally take to get the attack mitigated?