Hi!
On the forums (I took this from a older thread) I saw things regarding:
IP rate limit sustained 2571306 distributed packets at 85710.2 pps (14999 buckets).
IP rate limit under distributed packet load (6785 buckets, 9001 global count), rejecting 69.15.142.250:10250.
IP rate limit sustained 2037121 distributed packets at 67904.0 pps (6056 buckets).
IP rate limit under distributed packet load (6679 buckets, 9001 global count), rejecting 4.202.201.60
1288.
IP rate limit sustained 1667233 distributed packets at 55574.4 pps (6212 buckets).
Anyone saying "Any good host can protect against this"
Kind of... So ArborNetworks can't do much unless you order extended licenses. Great.
If you then were that guy who bought their extended license (which has a high cost to it) you'll find out it will filter real traffic aswell. So you'll have quite some false positives
How does it work with guys like OVH? They use pre-caching i know, but how?
Analyzing this in a pcap file (Which I can add here on request), it's not much bandwidth used, but alot of packets.
I was peaking at 500k packets per second.
Is there no way to fix this? Of course blocking the port works great. But then services will also be blocked.
I know how ddos works, and how protection works so please dont "You have no idea". However, there must be some rules etc to fix this. Many servers in the world has fixed it.
I read something about pre-caching which I found interesting, but I could't quite figure it out.
Please, if anyone knows anything, let me know!