8 comments

[ 5.2 ms ] story [ 32.9 ms ] thread
tl;dr; "Every solution that isn't made by us isn't good."
Its a true statement. I have personally evaluated almost every DDoS solution (either by looking at reports on how well they fared often posted on HN, or by having sites I regularly use go down because the solution they bought failed them), and I ended up going with Centarra because they're the only ones that don't have a history of failure.
The number of exclusively layer 7 attacks we've seen since beginning this project is basically zero.

I'm happy that for you that you don't see these attacks, because I can tell you that we see Layer 7 DDoS attacks frequently, but perhaps just go read HN story #1 about the Github DDoS.

The Github attack was a volumetric flood, this most certainly has layer 3 properties.

The post clearly discusses layer7 floods which do not have layer3 properties (such as slowloris.pl, rudy.pl, etc.) which are uncommon.

It would be a safe bet to say that the Github attack had layer-3 properties.

After some investigation, we discovered that we were seeing several thousand HTTP requests per second distributed across thousands of IP addresses for a crafted URL.

That sounds like layer 7 to me.

This has layer3 properties, such as connection rate, and was most likely mitigated using layer 3 filtering.
Everything in this post is accurate. L7 protection at the endpoints (use 10GbE ports if necessary), L3/L4 protection in the network. And although I've never heard of the company, nenolod knows what he's doing.

Suggestion for them: improve your site, fix the colocation 404, provide info about your locations (perhaps it's available if I register for your client portal, but I don't want to do that until I know it would otherwise meet my needs), provide info about your network (transit and peering).

Hey, this Centarra sounds cool! [Click on "Colocation" link at top of web page.] 404 Not Found.