DDOS attack Bandwidth Usage?
- Thread starter 68shelby
- Start date
Even we can't fully prevent it, we are stopping the majority now, but we have to work with the reseller in these cases.
I can say this one today ate over 300GB of HTTP traffic and 99% of the traffic was not HTTP
Re: DDOS Bandwidth Fees on Win27 - holy sh**!
This is not so much a criticism as it is a question for my fellow *resellers*. The Jodo support team is wonderful and this is not a negative remark towards them at all.
Last Friday, one of my client domains was severely attacked in the DDOS against Win27. The attack lasted 24-36 hours and was from 9,000 sources. The issue was *not* caused by bad/exploited code. However, the bandwidth overage was 30x my client's monthly average and it increased my reseller quoted by 3x.
Jodo billing dept notified me that I will be billed $2/GB or ~$500 for the traffic overage (~250GB). They said I could request a 15% credit after my credit card is processed.
As a reseller, have you been billed for DDOS attacks in the past? How did you know your domain was under attack and more importantly, what did you do to mitigate it? Is there anything I could have done to prevent this from continuing for ~36hours? Finally, is $2/GB a fair/reasonable price? I am sick to my stomach. Thanks!
This is not so much a criticism as it is a question for my fellow *resellers*. The Jodo support team is wonderful and this is not a negative remark towards them at all.
Last Friday, one of my client domains was severely attacked in the DDOS against Win27. The attack lasted 24-36 hours and was from 9,000 sources. The issue was *not* caused by bad/exploited code. However, the bandwidth overage was 30x my client's monthly average and it increased my reseller quoted by 3x.
Jodo billing dept notified me that I will be billed $2/GB or ~$500 for the traffic overage (~250GB). They said I could request a 15% credit after my credit card is processed.
As a reseller, have you been billed for DDOS attacks in the past? How did you know your domain was under attack and more importantly, what did you do to mitigate it? Is there anything I could have done to prevent this from continuing for ~36hours? Finally, is $2/GB a fair/reasonable price? I am sick to my stomach. Thanks!
Re: DDOS Bandwidth Fees on Win27 - holy sh**!
Hello,
DNS was outside hosted, which was a major issue here, we actually didn't even realize that until after 24 hours the attacks are still coming in(this because DNS cache continues for some still hitting quite a long time), with outside DNs there is virtually NO capability for us to redirect things fully.
We did a lot to stop this including making a blank index.html file which was the only HTML file being hit using bandwidth that is accounted for your user.
There was additional bandwidth 300x this being used as ICMP for a number of hours while we worked to block it, and with upstreams to get it blocked further and prevent impacting every server on the network.
We can evaluate things further but when all is calculated we are paying more than you are being charged in this attack, it was enough to increase our 95% for the entire month quite significantly.
What can be done to help? Well DNS pointing to servers that are used would have helped a lot as when this happens we can either drop the A record or move it to a loopback address preventing new joiners from having a DNS lookup that works.
We initially blocked over 700, only to have them replaced by 1000's more. This is a labor intensive process and not taken lightly as wrong inputs can block many people. Eventually the attacks went to a pattern we were able to sniff out and put a clamp on for the most significant of bandwidth there, in addition to removing the large index page your client had making it a file with just a <p> as contents saved you at least another $500 in auto charges.
We are willing to work with you on this but realize we have to work together and not against each other. We are taking a brunt of this in multiple ways. I've explained as well there were numerous people involved with this all of whom worked to stop this attack.
DDOS attacks aren't pretty for anyone, and there is no clear cut way to handle them as they cost all something.
Hello,
DNS was outside hosted, which was a major issue here, we actually didn't even realize that until after 24 hours the attacks are still coming in(this because DNS cache continues for some still hitting quite a long time), with outside DNs there is virtually NO capability for us to redirect things fully.
We did a lot to stop this including making a blank index.html file which was the only HTML file being hit using bandwidth that is accounted for your user.
There was additional bandwidth 300x this being used as ICMP for a number of hours while we worked to block it, and with upstreams to get it blocked further and prevent impacting every server on the network.
We can evaluate things further but when all is calculated we are paying more than you are being charged in this attack, it was enough to increase our 95% for the entire month quite significantly.
What can be done to help? Well DNS pointing to servers that are used would have helped a lot as when this happens we can either drop the A record or move it to a loopback address preventing new joiners from having a DNS lookup that works.
We initially blocked over 700, only to have them replaced by 1000's more. This is a labor intensive process and not taken lightly as wrong inputs can block many people. Eventually the attacks went to a pattern we were able to sniff out and put a clamp on for the most significant of bandwidth there, in addition to removing the large index page your client had making it a file with just a <p> as contents saved you at least another $500 in auto charges.
We are willing to work with you on this but realize we have to work together and not against each other. We are taking a brunt of this in multiple ways. I've explained as well there were numerous people involved with this all of whom worked to stop this attack.
DDOS attacks aren't pretty for anyone, and there is no clear cut way to handle them as they cost all something.