What Do Linode do If I Get DDOS

Is this a true account of how Linode handles DDOS? If so, this is fairly disturbing. I cannot afford to have my site go down for a minimum of 24 hours due to a script-kiddy.

I mean, if it does down for 24 hours as I try to fight the DDOS and get it back up, that's one thing. But going down for 24 hours because Linode black-holes me is kind of BS …

Any response from Linode on this?

If the DoS is small enough that you can "fight it", you're not going to get null routed.

> If the DoS is small enough that you can "fight it", you're not going to get null routed.

You think a customer will go ahead get services from linode just hoping that DDos will be "small" ? Definitely not !

@sami1255:

You think a customer will go ahead get services from linode just hoping that DDos will be "small" ? Definitely not !

I actually didn't say anything like that at all.

@akerl:

I actually didn't say anything like that at all.

True. I am actually trying to make a point, if the said article is correct, then linode seriously need to develop security structure for all customers. Otherwise no ones gona buy any excuse.

I think it's BS that you expect Linode to leave thousands of other paying customers (and nevermind the likely effect on non-Linode customers in the same datacenter!) inaccessible while you "fight" a DDoS.

If you want DDoS protection, you need to pay more. There are providers out there that advertise that feature.

That's not at all what I'm suggesting. The article claims Linode black-holed his website for a 24 hours minimum and would not provide him with any information whatsoever beyond that. It's a situation where you are completely fucked with no ability to investigate.

I"m not suggesting Linode compromise other people's boxes because you got DOS'd. But shutting you down for 24 hours with no information and no status reports is not how I would expect the situation to be handled.

Its just a horrible thought to have clients calling "our business is down do something" while I wait for linode to open up after 24 hours. if true its simply absurd !

What hogwash, the rant goes on to say "Linode customer service is not a team player".

Lets see, they take steps to protect tens of thousands of customers at the inconvenience of ONE client and they're not a team player?

Bwahahahahahahahaha.

As to no info, they explained that YOUR DDOS problem was effecting THEIR network. How much more info do you need.

If a 24hr downtime grossly effects your online business, then you need to take steps BEFORE it happens to prevent it. Bitching about your provider when THEY take steps to prevent it from spreading just shows how clueless you are about running a 4 or 5 nines operation.

We do monitor our network closely and when a DoS attack disrupts the quality of service of other customers we null route the target.

We have big pipes, network equipment, manpower, and tools to keep these occurrences to a minimum. We communicate status reports with the customer throughout the entire process. The null route is periodically checked and is lifted when the attack subsides enough that it does not negatively impact other customers. This is most often less than 24 hours.

@tasaro:

We do monitor our network closely and when a DoS attack disrupts the quality of service of other customers we null route the target.

We have big pipes, network equipment, manpower, and tools to keep these occurrences to a minimum. We communicate status reports with the customer throughout the entire process. The null route is periodically checked and is lifted when the attack subsides enough that it does not negatively impact other customers. This is most often less than 24 hours.

This is what I was wanting to hear. Given the tone of the blog-post, I expected it was a bit exaggerated. As long as Linode will monitor and communicate the status and lift the black-hole when the DOS ceases, that seems reasonable to me.

Considering it comes from LEB/LET those aren't going to be unbiased reviews. Non-trivial amount of those people are providers who probably have no clue how to run a business.

Check out the Deadpool on how many of these 'great' providers go away: http://www.lowendbox.com/category/deadpool/

If Linode did suck as much as they say, and they're so much better, why exactly havent they taken Linode's business?

This is a disappointing post since I’m just on the verge of choosing Linode… It's just the first negative view that I find. Although Linode communication sounds reasonable, I can help to think that if I were the owner of the DDOS’ed site, I would want a bit more sacrifice from a hosting team (and I’m not saying it didn’t existed in that particular case)… I mean, the "Servers on demand. Support that cares" kind of help…

And by the way…

@akerl:

If the DoS is small enough that you can "fight it", you're not going to get null routed.
Are you serious??? I think this is a somewhat unfortunate answer..(But that’s just me).

@Alucard:

If you want DDoS protection, you need to pay more.(…)

In my view that’s not a valid argument, but I guess you should feel free to start donating to them!!!

@sami1255:

Let’s see, they take steps to protect tens of thousands of customers at the inconvenience of ONE client and they're not a team player?

This just makes the opposite point of what you intended!! I mean, a team player wouldn't differentiate between the tens of thousands and the poor guy that's being screwed up with the DDOS attack!! If you don't agree with me now, just wait until you're that ONE guy! Then come back and tell us…

Still,

@sami1255:

I have two linodes and about to purchase third one …

If you’re going for the third one I suppose you’re happy with the service, I mean, why would you give more credit to this blog post than you do to your own experience?

@deadwalrus is probably right @deadwalrus:

Given the tone of the blog-post, I expected it was a bit exaggerated…
… the unwise and destructive tone of the blog-post makes more case than the majority of the answers in this thread. I wonder why is that?

Please don’t take my words out of context (as I’ve seen before). I’m not saying Linode should disregard the safety of other customers or their own, but I would/will expect them to bear with me especially on complicated situations. That’s what team players do!!

By the way, I’m just a noob… don’t know much… and that’s just an opinion on my first post.

Well, Linode's approach is basically the same as almost every other hosting company:

1) If the attack is not impacting other customers, they let you deal with it yourself (as there are mitigation techniques you can use on the target)

2) If the attack is impacting other customers, they try to minimize the damage by null-routing you

If an attack is large enough that it impacts multiple customers, there isn't really anything a host can do EXCEPT null route you. Some hosts offer specific DDoS protection. This is generally done in one of two ways:

1) Dedicated DDoS mitigation hardware that works with a hardware firewall to attempt to filter out much (or all) of the attack at the edge of the network. This only works for medium sized attacks, because it is ineffective if the attack is big enough to cause performance problems even at the edge of the network.

2) Throw massive amounts of bandwidth at the problem, making it difficult to bring down a target inside the network. This one is basically "dramatically over-engineer your network with the sole intent of handling large DDoS attacks".

Both of these approaches are expensive to implement, the second one extremely so (since it involves over-engineering EVERY level of the service). Linode can't afford to incur those sorts of expenses to mitigate DDoS attacks, so the only remaining option is thankfully the one that is most effective: null route. With this approach, the attack is completely negated because there is no longer any IP to attack.

I think that’s reasonable and I agree with that approach as you put it!

Make some room because I’m coming in!!!