DDoS Protection and other

[Tea1337]

Along with the threat of having my personal IP DDoS'd and "Wrecking" My router, is there a piece of f hardware that I can use to be able to block and protect against being DDoS'd before it reaches my router? Such as a firewall? I'd like to have secure home internet and found this while searching: Right Here

 

How long could that last against the standard DDoS attack or will it at all? Just don't want to worry about my service going down because of my servers. Any help is appreciated. Thanks.

[ttam]

Uh. 2 seconds or so.

 

Just change your IP

[Tea1337]

Uh. 2 seconds or so.

 

Just change your IP

Am I able to change it every minute or so? it's kinda running publicly.

[ttam]

Am I able to change it every minute or so? it's kinda running publicly.

http://linustechtips.com/main/topic/57757-hotspot-shield-sponsor-link/

 

Seems you would benefit from Hotspot Shield. A good VPN service.

 

This way I can promote @LinusTech's sponsor

[Tea1337]

http://linustechtips.com/main/topic/57757-hotspot-shield-sponsor-link/

 

Seems you would benefit from Hotspot Shield. A good VPN service.

 

This way I can promote @LinusTech's sponsor

Sweet, thanks. I'll look into that in the morning.

[Darren]

http://linustechtips.com/main/topic/57757-hotspot-shield-sponsor-link/

 

Seems you would benefit from Hotspot Shield. A good VPN service.

 

This way I can promote @LinusTech's sponsor

 

If someone knows your home's real IP, a VPN won't do shit. A VPN is like driving a different car, but if someone is blocking the road, you're still screwed.

 

You, yourself, cannot mitigate a DDoS attack against you. It does not make a single bit of difference if you have a different router. They are saturating the pipe between you and your ISP. If you are getting DDoS'd, escalate it to your ISP as they have the ability to do so by blocking the source at their edge, protecting you. Now if you're a residential level customer, they won't act with urgency. If you are in a position where your internet connection is so valuable, purchase a business grade connection and they will take care of you.

[ttam]

If someone knows your home's real IP, a VPN won't do shit. A VPN is like driving a different car, but if someone is blocking the road, you're still screwed.

 

You, yourself, cannot mitigate a DDoS attack against you. It does not make a single bit of difference if you have a different router. They are saturating the pipe between you and your ISP. If you are getting DDoS'd, escalate it to your ISP as they have the ability to do so by blocking the source at their edge, protecting you. Now if you're a residential level customer, they won't act with urgency. If you are in a position where your internet connection is so valuable, purchase a business grade connection and they will take care of you.

In your little thing.. How can someone block the road you are on, when you are 5000 km away. 

 

His IP needs to be changed by his ISP (5 minute phone call)

And since his IP is being displayed publicly. This is where a VPN comes into play.

This offers the protection the ISP cant.

Even if he was to upgrade to a 'business grade connection' it would not change a single thing at all.

 

Source: A dude that works for a big ISP (non call center) and deals with this for a living, is chilling on my couch

[Darren]

In your little thing.. How can someone block the road you are on, when you are 5000 km away. 

 

His IP needs to be changed by his ISP (5 minute phone call)

And since his IP is being displayed publicly. This is where a VPN comes into play.

This offers the protection the ISP cant.

Even if he was to upgrade to a 'business grade connection' it would not change a single thing at all.

 

Source: A dude that works for a big ISP (non call center) and deals with this for a living, is chilling on my couch

 

So you're saying that if one knows the real IP address for someone, that their fake IP will protect them?

 

If he's running a server, then he's obviously intending for people to reach it. A VPN won't help because the data needs to get to the server.

[Coolnesgamer]

If someone knows your home's real IP, a VPN won't do shit. A VPN is like driving a different car, but if someone is blocking the road, you're still screwed.

 

You, yourself, cannot mitigate a DDoS attack against you. It does not make a single bit of difference if you have a different router. They are saturating the pipe between you and your ISP. If you are getting DDoS'd, escalate it to your ISP as they have the ability to do so by blocking the source at their edge, protecting you. Now if you're a residential level customer, they won't act with urgency. If you are in a position where your internet connection is so valuable, purchase a business grade connection and they will take care of you.

But doesnt the ip go though the isp then to the user, cant the isp block the ddos.   (Sorry if im wrong )

[Sheldon]

But doesnt the ip go though the isp then to the user, cant the isp block the ddos.   (Sorry if im wrong )

But that what Darren said. The ISP has the level and the hardware to do that. They can even send the DDOs to another datacenter or so on. A VPN will not work. Your best bet to load balancing (from a network side) with more one IP. So just have your ISP on call and call them and have a chat about their support for DDOS on one of their static IP's ( are renting the IP/S so they will want to care of it) 

[Darren]

But that what Darren said. The ISP has the level and the hardware to do that. They can even send the DDOs to another datacenter or so on. A VPN will not work. Your best bet to load balancing (from a network side) with more one IP. So just have your ISP on call and call them and have a chat about their support for DDOS on one of their static IP's ( are renting the IP/S so they will want to care of it) 

 

Yeah. OP, this is something you should talk to your ISP about if you're seriously worried about it.

[Lays]

My solution to ddosers when I played runescape was I bought myself a booter, anyone that screwed with me and threatened to hit me off would get hit off instead LOL.

 

But no, you should talk to your isp. I've been ddosed recently, I called my isp and they sent it somewhere else, only took like 2 mins.

[tom564]

My solution to ddosers when I played runescape was I bought myself a booter, anyone that screwed with me and threatened to hit me off would get hit off instead LOL.

 

But no, you should talk to your isp. I've been ddosed recently, I called my isp and they sent it somewhere else, only took like 2 mins.

So you go and admit that fact on a public forum.... nice one. 

[tom564]

Certain forms of DoS attacks can be mitigated at the client side, for example syn floods although in your case this is probably not relevant. What type of DoS are you being hit by? 

[Lays]

So you go and admit that fact on a public forum.... nice one. 

 

I don't care lol, like I said "When" = past.

[99vw]

A vpn would allow you to disconnect in the event of a DDoS which would no longer route the attacking traffic to your main ip. You could do this with a cheap vps and openvpn.

 

However, If you want active DDoS protection you will want something like CloudFlare.

[Darren]

A vpn would allow you to disconnect in the event of a DDoS which would no longer route the attacking traffic to your main ip. You could do this with a cheap vps and openvpn.

 

However, If you want active DDoS protection you will want something like CloudFlare.

 

That doesn't really work since he's running a server - traffic has to go to him anyway with an IP that will go there, beit VPN or real. Either way, someone can exploit that to DDoS him. Now, a VPN does a good job of being able to stop the traffic at another node, but then his server is no longer accessible. Either that is a huge problem, or this thread is a waste of time.

[xXxYOLOxSWAGxXx_420BlazeIt]

That doesn't really work since he's running a server - traffic has to go to him anyway with an IP that will go there, beit VPN or real. Either way, someone can exploit that to DDoS him. Now, a VPN does a good job of being able to stop the traffic at another node, but then his server is no longer accessible. Either that is a huge problem, or this thread is a waste of time.

OpenVPN will forward the traffic to his server.

 

He would need a small VPS to run it on though.

 

 

Along with the threat of having my personal IP DDoS'd and "Wrecking" My router, is there a piece of f hardware that I can use to be able to block and protect against being DDoS'd before it reaches my router? Such as a firewall? I'd like to have secure home internet and found this while searching: Right Here

 

How long could that last against the standard DDoS attack or will it at all? Just don't want to worry about my service going down because of my servers. Any help is appreciated. Thanks.

What service are you running? You would probably be better off paying for a VPS/dedi depending on what it is.

[Tea1337]

That doesn't really work since he's running a server - traffic has to go to him anyway with an IP that will go there, beit VPN or real. Either way, someone can exploit that to DDoS him. Now, a VPN does a good job of being able to stop the traffic at another node, but then his server is no longer accessible. Either that is a huge problem, or this thread is a waste of time.

Well, I'm in threat of loosing $5000 worth of Data, so it's a huge problem for me. I need to keep my servers protected.

[Tea1337]

So i've moved to a business grade ISP, I have my servers on that with rented hardware to protect my servers, so i will have enough time to run a backup and keep the files safely. Then from there I am able to take down the server and prevent the attack from happening. Then the IP is changed and everything is matched back.

[tom564]

So i've moved to a business grade ISP, I have my servers on that with rented hardware to protect my servers, so i will have enough time to run a backup and keep the files safely. Then from there I am able to take down the server and prevent the attack from happening. Then the IP is changed and everything is matched back.

A DoS attack will not usually damage anything that a reboot can't fix ( i say usually as a hammer could be used for a DoS attack and that can't be fixed by a reboot). that being said you should still have offline backups.  

[99vw]

That doesn't really work since he's running a server - traffic has to go to him anyway with an IP that will go there, beit VPN or real. Either way, someone can exploit that to DDoS him. Now, a VPN does a good job of being able to stop the traffic at another node, but then his server is no longer accessible. Either that is a huge problem, or this thread is a waste of time.

 

This is correct. However, I assumed that since he was running the service from his house that it may not be critical. It seemed like he just needed to not lose internet in the event of a DDoS. However, it now seems he may need more protection then that. In which case he can still check out http://www.cloudflare.com/ddos

[Tea1337]

This is correct. However, I assumed that since he was running the service from his house that it may not be critical. It seemed like he just needed to not lose internet in the event of a DDoS. However, it now seems he may need more protection then that. In which case he can still check out http://www.cloudflare.com/ddos

I'm just looking for 99% uptime, as of now ddos attacks are having my usual uptime at 47%

[Blade of Grass]

I'm just looking for 99% uptime, as of now ddos attacks are having my usual uptime at 47%

I would suggest investing in cloud flare. That way they can load balance it across their network, and it won't effect yours. 

[Darren]

I'm just looking for 99% uptime, as of now ddos attacks are having my usual uptime at 47%

 

Would definitely recommend Cloudflare. Check out their writeup about a 300Gbps attack against them - http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet

 

And also you should read this https://support.cloudflare.com/hc/en-us/articles/200170196-I-am-under-DDoS-attack-what-do-I-do-