Full Version: A couple Questions about floodguard I didn't find answers to
b00m
It appears that floodguard is a very good system.

I intend on ordering FloodGuard service, but have a few questions.

1. Assuming the system has correctly 'learned' my traffic, how long does it take for the system to 'kick-in' when a flood is detected?

2. Where do the packets go? More importantly, will the packets flow through my bandwidth meter and be included in my monthly transfer, or will they be deflected prior to passing through that part of the network?

3. How well does this system really work? Is it best used to filter out small packet floods from the network? Would it actually WORK if a TRUE flood (+100Mbits/s) was to occur?

I have never been hit with a flood before; however, a colleague of mine recently suffered from a large-scale attack, and I can't afford for malicious data to pass through the bandwidth meter for my server.
(I can't afford to go over my monthly transfer)

Thank you for taking the time to read this post.
Shingen
I've had floodguard protect against a 35/40 mbps hit. But I've yet to have anything bigger than that directed at my server, so I can't say where floodguard breaks down.

The last time my server got hit, it burned about 6 or 7 GB of bandwidth very quickly before FloodGuard stopped it. From what I understand, if it can be shown that the bandwidth used was from a flood that floodguard acted on, I think SM will avoid counting said bandwidth against your monthly total.

So for instance, if a flood hits your server, and consumes 50 GB of bandwidth, with a 100 mbps attack, and floodguard then stops the attack (but 50 GB has already been burned), I understand that SM will not count the 50 GB against your total. But you have to point out the issue to them.

Basically, you're not responsible for the bandwidth consumed in an attack if you have floodguard on the IP address/es hit. So if someone hits your server with a massive attack, that pushes you far over your bandwidth limit ($$$$), this clause protects you from getting killed financially.
sightz
QUOTE (Shingen)
Basically, you're not responsible for the bandwidth consumed in an attack if you have floodguard on the IP address/es hit. So if someone hits your server with a massive attack, that pushes you far over your bandwidth limit ($$$$), this clause protects you from getting killed financially.


That's the way I look at it too. Even if Floodguard doesn't work as advertised (you have no way of testing it since you need to get DDOSed to know), at the very least it is cheap bandwidth insurance. I am paying X dollars a month to ensure that a massive DDOS does not break the bank. If it keeps my servers online during the attack, all the better.
Paul
QUOTE (sightz)
you have no way of testing it since you need to get DDOSed to know
It could be arranged; I was going to test mine, but you're not allowed to :(
Guspaz
QUOTE (b00m)
It appears that floodguard is a very good system.

I intend on ordering FloodGuard service, but have a few questions.

1. Assuming the system has correctly 'learned' my traffic, how long does it take for the system to 'kick-in' when a flood is detected?

2. Where do the packets go? More importantly, will the packets flow through my bandwidth meter and be included in my monthly transfer, or will they be deflected prior to passing through that part of the network?

3. How well does this system really work? Is it best used to filter out small packet floods from the network? Would it actually WORK if a TRUE flood (+100Mbits/s) was to occur?

I have never been hit with a flood before; however, a colleague of mine recently suffered from a large-scale attack, and I can't afford for malicious data to pass through the bandwidth meter for my server.
(I can't afford to go over my monthly transfer)

Thank you for taking the time to read this post.


From what we've heard from other users, an attack at 100mbit+ would result in ServerMatrix nullrouting your box (That is, disconnecting it).

A user reported he had a 95mbit flood that FloodGuard was blocking, and ServerMatrix later nullrouted the box because they decided the flood was too high.
Wojjie
I host a website that seems to be targeted occasionally, and in my experience, SM/ThePlanet are very quick to null route your IP when there is any considerable attack directed at your IP (even when you have paid for Floodguard).

From my knowledge, you get what you pay for. Floodguard is only 10/month (I think), and therefore you cannot expect it to protect you from anything other than small attacks. The bigger the attack you want to be protected from, the more money you have to dish out. From the research I did during one of the attacks on my server, I found out that I would have to dish out 600-3000 more per month to get the proper protection against the attacks, and even then, I wasn't sure it would work.

If someone really wants to take you offline, and has the capacity to do so, there is nothing you can do about it unless you are someone big like MS.

I actually found something about FloodGuard on ThePlanet:

http://www.theplanet.com/services/security.html

QUOTE
DoS/DDoS Mitigation Services - FloodGuard

The Planet utilizes FloodGuard™ from NetZentry to mitigate distributed denial of service and syn flood traffic directed to servers inside our datacenter facilities. Through the extensive use of actuators and sensors, The Planet security engineers are able to track traffic patterns and assist in mitigating the effects of malicious activity. The Planet utilizes best efforts to mitigate denials of service attacks and syn flood attacks, but due to the nature of these types of attacks… no SLA is applied to this service offering.


They make it sound like it can protect you from more than it really can. At least from my experience, I have found out that FloodGuard really does not do much for me.
Guspaz
It should be said, however, that FloodGuard pays for itself simply by the fact that by paying that 10$, if your server is down under a DDoS, you don't have to pay for bandwidth used. That alone is worth the 10$.