Ever wondered about OVH?
#1
Have you ever wondered how OVH's anti-DDoS mechanism works? I have seen some booter's owner trying to attack me with attacks going as hard as 6 GB/sec on OVH's server, but still, the server didn't go down (it lagged a bit, and maybe because some packets weren't filtered, but it lagged so little that no one would even doubt if it lagged).

They've explained how it works, how the mitigation starts and whatnot, on their anti-DDoS mitigation solution webpage. But still, I'm much more curious about how they work.
They may have big machines backing off the power? But in TBs? How can even a big floor-sized server protect against a TB attack?

How does its VAC work? If anyone has any idea, with a deep explanation of its mitigation mechanism, how does/may it look? Has anyone ever wondered about that?
Premium Web Hosting | ShadowCrypt | Manal Shaikh Official Website
If you find my post/thread useful, you're supposed to +rep me. 
#2
It's just that 6 GB/s is an attack by a botnet!
I think you must install a firewall + NIDS to prevent it from happening again!
Terminal
Solo Developer
#3
(01-13-2019, 06:27 PM)Manal Wrote: Have you ever wondered how OVH's anti-DDoS mechanism works? I have seen some booter's owner trying to attack me with attacks going as hard as 6 GB/sec on OVH's server, but still, the server didn't go down (it lagged a bit, and maybe because some packets weren't filtered, but it lagged so little that no one would even doubt if it lagged).
We're experiencing the same at Gigarocket, Manal. We've been using OVH for a while for our VPSs. OVH does it with what they call anti-DDoS protection. Powerful scripts to protect their servers. They've got a write-up about exactly how it works at the link below:
https://www.ovh.com/world/anti-ddos/

In a nutshell, it is the following:
Quote:Our anti-DDoS solution is composed of several different internally-built hardware components and technologies. It is present in all OVH points of presence worldwide, so that it can absorb all attacks via the mitigation technique. We are able to mitigate attacks due to a three-step solution, which consists of analyzing traffic, then vacuuming it in order to mitigate it. At OVH, mitigation uses a combination of internal technologies that are collectively called a VAC.

The VAC is a combination of different technologies developed by OVH, and designed to mitigate DDoS attacks. With its unique composition, it can filter incoming traffic so that only legitimate data packets pass through and reach your servers, while illegitimate traffic is blocked. The VAC notably includes a pre-firewall, the Firewall Network and Shield and Armor components.
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#4
i think manal knows about these pages and read it already. he wants to know if anyone around here has more in depth knowledge on what goes on behind the scene in that anti-ddos setup.
may be hr knows better.

i can just hazard some guesses. they have terabyte scale capacity at the backbone.
i guess they sample data packets.. say one in every 2000 or some such using highly parallel processing systems using specialised processors (not general purpose ones.. for better speed and efficiency).
now ddos attacks are mostly dumb. like same or similar kind of connection/page requests without further interactions with that requested page. so if the system sees lots of similar and repeated requests from zillions of different ips then it can start dropping the packets from those source ips and thus kill the flood even from entering the Gbps and Mbps scale networks.

i dunno
Sincere Thanks to VirMach for my VPS9. Also many thanks to Shadow Hosting and cubedata for the experiences I had with their VPSs.
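
The sample-then-match idea guessed at in the post above, as an added example that is not part of the original thread and is not OVH's implementation: inspect 1 packet in 2000, group the samples by request pattern, and flag a pattern repeated by many distinct sources. The traffic, addresses, thresholds and function names are constructed assumptions.

```python
import random
from collections import defaultdict

SAMPLE_RATE = 2000    # inspect 1 packet in 2000, the figure guessed in the post
MIN_SAMPLES = 50      # assumed threshold: sampled hits before a pattern is suspect
MIN_SRC_RATIO = 0.9   # assumed threshold: share of hits coming from distinct sources

def make_traffic(seed=7):
    """Constructed traffic: shuffled (src_ip, dst_ip, request) tuples."""
    rng = random.Random(seed)
    rand_ip = lambda: "10.%d.%d.%d" % tuple(rng.randrange(256) for _ in range(3))
    clients = [rand_ip() for _ in range(500)]
    # Flood: 400k identical requests, each from a random source address.
    pkts = [(rand_ip(), "203.0.113.10", "GET /") for _ in range(400_000)]
    # Legitimate: 100k requests from 500 clients spread over 200 pages.
    pkts += [(rng.choice(clients), "203.0.113.10", "GET /page/%d" % rng.randrange(200))
             for _ in range(100_000)]
    rng.shuffle(pkts)
    return pkts

def sample(packets, rate=SAMPLE_RATE):
    """Keep every rate-th packet, as 1-in-N sampling would."""
    return packets[::rate]

def detect(sampled, rate=SAMPLE_RATE):
    """Group samples by (dst, request); flag patterns repeated by many sources."""
    hits = defaultdict(list)
    for src, dst, req in sampled:
        hits[(dst, req)].append(src)
    flagged = {}
    for pattern, srcs in hits.items():
        if len(srcs) >= MIN_SAMPLES and len(set(srcs)) / len(srcs) >= MIN_SRC_RATIO:
            flagged[pattern] = {"estimated_packets": len(srcs) * rate,
                                "sampled_sources": set(srcs)}
    return flagged

def mitigate(packets, flagged):
    """Drop packets matching a flagged (dst, request) pattern."""
    return [p for p in packets if (p[1], p[2]) not in flagged]

if __name__ == "__main__":
    traffic = make_traffic()
    flagged = detect(sample(traffic))
    for pattern, info in flagged.items():
        print(pattern, info["estimated_packets"], len(info["sampled_sources"]))
    print("packets passed:", len(mitigate(traffic, flagged)))
```

Because only one packet in 2000 is inspected, the samples name at most a few hundred of the flood's source addresses, so this sketch drops by the flagged pattern rather than by a per-source list built from the samples.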
#5
(01-14-2019, 12:40 PM)rudra Wrote: i think manal knows about these pages and read it already. he wants to know if anyone around here has more in depth knowledge on what goes on behind the scene in that anti-ddos setup.
may be hr knows better.

i can just hazard some guesses. they have terabyte scale capacity at the backbone.
i guess they sample data packets.. say one in every 2000 or some such using highly parallel processing systems using specialised processors (not general purpose ones.. for better speed and efficiency).
now ddos attacks are mostly dumb. like same or similar kind of connection/page requests without further interactions with that requested page. so if the system sees lots of similar and repeated requests from zillions of different ips then it can start dropping the packets from those source ips and thus kill the flood even from entering the Gbps and Mbps scale networks.

i dunno

Agreed with you @rudra. I have read the article but still, they haven't mentioned exactly how they tackle the attacks. Your predictions might be true with what you say.