Full Version: FloodGuard = USELESS!
The Planet Forums > Security > DoS & D-DoS Mitigation
Kevin
Hi there,

I got a server with FloodGuard protection at ServerMatrix for almost 2 months now.

Guess what, I got DOS'ed!

FloodGuard doesn't work
- What a waste of money, I paid FloodGuard for 2 months now and IT IS USELESS!!!
- ServerMatrix Security Team is being unhelpful! Nullrouted my server almost 24hrs, and they are still working on something else! (Guys, if you are reading this, please update my tickets!)

Apf firewall doesn't work
Kiss firewall doesn't work
- Not working at all, what's the point of installing them?

mod_dosevasive doesn't work
- After installing mod_dosevasive, all websites are inaccessible, so I had to uninstall it.
Daejuan
FloodGuard will NOT protect from legit DDOS attacks, such as HTTP flood. Which your DDOS was probably a Legit attack. APF will not protect you either.
APF firewall is to protect from hackers, and has minor DDOS blocking, but from SYN attacks, just like FloodGuard.
KISS is another firewall, does the same thing as APF.

Floodguard will come in handy, even for its low cost, but no matter how much you spend, you will not be 100% protected from DDOS attacks.
zeromtrx
I think FloodGuard is worth it if only for the enhancements to the SLA. Furthermore, I've watched FloodGuard block two attacks to a server of mine within minutes of them starting. This is well worth $5/mo.
xenneo
I just ordered it, and from what I see / read my $10 investment will pay itself off very quickly.
Tonto
Hey Kevin,

Well, I've just moved to my own server, I'm soon going to find out if my $10 investment will do much. My domain has been under DDoS for a while up until a week ago, so we will see how it goes with my server.
schriss
I'm HTTP Flooded since yesterday, no FloodGuard, no hardware firewall, all I have is VisneticFirewall with HTTP filtering which seems to detect the flooder and block (tarpit) him, server seems to hold, CPU usage of firewall is 10%, not bad.
Going to get that FloodGuard anyway.
Guspaz
The problem is neither software nor firewalls protect you from a traffic flood.

There are two ways SM is introducing that can deal with traffic floods:

ACLs
new DDoS protection

The ACLs are just firewall rules on SM's routers themselves, so they're blocked before they reach your low-bandwidth port.

The new DDoS protection is going to be network-wide, and supposedly will be way more effective than FloodGuard.

Now, SM has told us that the new protection uses FloodGuard as a detector, which simply passes the IP under attack to the new system which does the mitigation/protection. However I'd imagine that if FG doesn't detect an attack, and you contacted SM, they would manually enter your IP.

However, I could be wrong, I never got a response on that question in the announcement thread.
schriss
In my case, the HTTP Flood comes from one IP, should be safe to ban, if I only had an option to ban it on any hardware gear before it hits my machine, but I don't :lol:
Guspaz
As I mentioned, ACL will let you do exactly that :)
Kyle
QUOTE (schriss)
In my case, the HTTP Flood comes from one IP, should be safe to ban, if I only had an option to ban it on any hardware gear before it hits my machine, but I don't :lol:

Not typically, hence the acronym DDOS: Distributed Denial of Service.
qwe
QUOTE (Kyle)
QUOTE (schriss)
In my case, the HTTP Flood comes from one IP, should be safe to ban, if I only had an option to ban it on any hardware gear before it hits my machine, but I don't :lol:

Not typically, hence the acronym DDOS: Distributed Denial of Service.


Although not widespread, such DoS attacks are possible - in case the computer that attacks you has more bandwidth than your server does, it can take it down in no time.

You should contact TP/SM support and they will block that IP on their Juniper routers as blocking it on the server itself is no use.

Take into account though that this may be a fake IP, as happens many times with DDoS attacks.
Matt2k
Are there any DDOS attacks that don't use "normal" traffic? Syn-floods are so 2001

It seems like floodguard would rarely be much help.
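
An added example, not part of the original thread: Python that reads web access-log lines and tells a single-source HTTP flood (one address worth asking the provider to block upstream, as discussed above) from a distributed one, where no short block list exists. The log lines, thresholds and function names are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Common Log Format prefix: client IP, two ignored fields, [timestamp].
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def parse(line):
    """Return (timestamp, ip) for one access-log line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        return datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"), m.group(1)
    except ValueError:
        return None

def classify(lines, window_s=10, flood_hits=50, dominant_share=0.8):
    """Classify the busiest window_s-second window of the log.

    Thresholds are illustrative assumptions, not values from the thread.
    Returns (verdict, ips); ips are sources worth an upstream block request.
    """
    hits = sorted(h for h in map(parse, lines) if h)
    width = timedelta(seconds=window_s)
    best_lo = best_hi = lo = 0
    for hi in range(len(hits)):
        while hits[hi][0] - hits[lo][0] >= width:
            lo += 1                      # slide the window's left edge forward
        if hi - lo > best_hi - best_lo:
            best_lo, best_hi = lo, hi
    busiest = hits[best_lo:best_hi + 1]
    if len(busiest) < flood_hits:
        return "normal", []
    per_ip = Counter(ip for _, ip in busiest)
    top_ip, top_n = per_ip.most_common(1)[0]
    if top_n / len(busiest) >= dominant_share:
        return "single-source", [top_ip]  # one address to block upstream
    return "distributed", []              # no short block list exists

def sample(ip, n):
    """Constructed log lines: n requests from ip spread over seconds 0-8."""
    fmt = '%s - - [12/Mar/2006:10:00:%02d +0000] "GET / HTTP/1.1" 200 512'
    return [fmt % (ip, i % 9) for i in range(n)]

if __name__ == "__main__":
    one = sample("192.0.2.10", 90) + sample("198.51.100.7", 10)
    many = [l for i in range(60) for l in sample("203.0.113.%d" % i, 2)]
    print(classify(one))    # constructed single-source flood
    print(classify(many))   # constructed distributed flood
```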