
We are currently under attack on one of our servers at a datacenter in Chicago.

  • 1 Gbps (peak), 600 Mbps average
  • UDP flood port 80 (incoming)
  • Consumed 20 TB bandwidth in 2.5 days

We have 50 TB of bandwidth per month on this server and paying for the bandwidth is not an option (pricey).

Our host offers a protection plan for 1 Gbps attacks for $800/mo and $750 setup.

This is a lot of money but seems like the only option at this point to keep the website alive. The attack may only last a few more days.

Is there another host that has DDoS prevention built in or is there a more cost-effective way of handling this? In a jam right now. Do we really have to pay for our servers plus $800 per month from now on just to prevent future bandwidth-eating DDoS?

I am a small business that can barely afford this service (and still be profitable) but I can't imagine how scared I would be if this service could not be afforded.

reefine
  • This is a good question and I certainly sympathise with you but we don't do shopping questions. – John Gardeniers Feb 11 '12 at 03:28
  • Add an e-mail to your serverfault profile and I'll send you a recommendation or two, as this question is offtopic here. – gekkz Feb 11 '12 at 08:37

1 Answer

Bandwidth is expensive. DDoS attacks can eat large amounts of bandwidth in a very short amount of time. Any host that can actually handle this attack for you is going to be somewhat expensive.

That being said, a UDP flood at port 80 should be pretty trivial for anyone to block (there's no legitimate reason for UDP to go to port 80 in 99.999% of circumstances).

You could always get a couple of unmetered gigabit ports and a few servers, but that's going to be probably $800/month per server.

devicenull
  • yeah, can you just firewall UDP away from port 80 (which should be accepting TCP web connections)? – Devin Ceartas Feb 11 '12 at 03:32
  • @DevinCeartas - The issue is that the traffic needs to be stopped upstream. Yes, they could firewall off 80/udp, but in that case, the traffic would still egress the switchport they're connected to and thus, would count against their bandwidth quota. – EEAA Feb 11 '12 at 04:13
  • Their provider should be able to add an ACL to the switch to block the traffic. It's possible they'd still be charged for it though, but any of the DDoS prevention services should be able to handle this easily. – devicenull Feb 11 '12 at 05:07
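
The filter-placement point raised in the comments above, as an added example that is not part of the original thread: the sketch takes constructed flow summaries in a made-up key=value format and reports what is billed versus what reaches the web service with no filter, a host firewall, and an upstream filter. It assumes the quota is metered at the customer switchport and that an upstream filter drops traffic before that meter; all function names are hypothetical.

```python
# Added example: filter placement vs. the bandwidth meter (constructed data).
import re

# Constructed flow summaries in a made-up "key=value" format, one per line.
SAMPLE_LOG = """\
proto=udp dport=80 bytes=9000000000
proto=tcp dport=80 bytes=400000000
proto=tcp dport=443 bytes=250000000
proto=udp dport=80 bytes=6500000000
proto=udp dport=53 bytes=2000000
malformed line without fields
"""

LINE_RE = re.compile(r"proto=(\w+) dport=(\d+) bytes=(\d+)$")

def parse_flows(text):
    """Yield (proto, dport, nbytes) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1).lower(), int(m.group(2)), int(m.group(3))

def is_flood(proto, dport):
    """The rule from the thread: UDP addressed to port 80."""
    return proto == "udp" and dport == 80

def account(text, filter_at):
    """Return (metered_bytes, delivered_bytes) for filter_at in
    {"none", "host", "upstream"}.

    Assumption: the quota is metered at the customer switchport, and an
    "upstream" filter drops traffic before that meter.
    """
    if filter_at not in ("none", "host", "upstream"):
        raise ValueError(filter_at)
    metered = delivered = 0
    for proto, dport, nbytes in parse_flows(text):
        flood = is_flood(proto, dport)
        if not (flood and filter_at == "upstream"):
            metered += nbytes      # crossed the switchport, so it is billed
        if not (flood and filter_at != "none"):
            delivered += nbytes    # passed every filter and reached the service
    return metered, delivered

def days_until_quota(quota_tb, used_tb, used_over_days):
    """Days left at the observed burn rate (used_tb consumed in used_over_days)."""
    rate = used_tb / used_over_days
    return max(quota_tb - used_tb, 0) / rate
```

With the figures from the question, `days_until_quota(50, 20, 2.5)` gives the time remaining before the monthly allowance runs out if the metered rate does not change.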