grc.com off the net.
-
He's not. He's directly on the internet. Steve Gibson said that he felt it was unlikely that his services would be able to exist behind a normal proxy because his products like Shields Up and DNS spoofability do 'odd' things that normal sites don't need to do.
As for his connection, Steve's half rack has a 100 Mb connection to the DC, but he's paying for 10 Mb at 95/5, so he can burst when needed, but it keeps his bill manageable for him.
-
@scottalanmiller said:
I wonder if he isn't behind someone like CloudFlare? If he was, that NTP attack could not touch him.
Normally I'd post on his newsgroup to let him know about things like CloudFlare, but without his normal services online I have no way of getting a message to him. I think the only communication channel he maintains outside of his own stuff is Twitter.
-
Steve specifically mentioned CloudFlare during his podcast and made mention that he didn't think it would work for him.
Leo Laporte even offered to reach out to CF and see if the TWiT network could work out some sort of deal on Steve's behalf to get Steve the protection.
-
@Dashrender said:
Steve specifically mentioned CloudFlare during his podcast and made mention that he didn't think it would work for him.
What kind of site is he running? ML can't work behind it because of Websockets. Is his site a blog or what?
-
Shields Up and DNS Spoofability are two utilities that site visitors can kick off that send half SYN packets and other weirdness to produce results.
For example, Shields Up does a port scan of the IP you're visiting the site from to see if your machine is responding. It does more than just a ping; it tries all kinds of tricks (short of port knocking) to see if it can get a response on the in test ports.
-
@scottalanmiller said:
@Dashrender said:
Steve specifically mentioned CloudFlare during his podcast and made mention that he didn't think it would work for him.
What kind of site is he running? ML can't work behind it because of Websockets. Is his site a blog or what?
He's got a lot of services like "ShieldsUp" that do port scans of your public-facing IP address. So any sort of filtering would block a lot of what he's made available over the years.
-
@travisdh1 said:
@scottalanmiller said:
@Dashrender said:
Steve specifically mentioned CloudFlare during his podcast and made mention that he didn't think it would work for him.
What kind of site is he running? ML can't work behind it because of Websockets. Is his site a blog or what?
He's got a lot of services like "ShieldsUp" that do port scans of your public-facing IP address. So any sort of filtering would block a lot of what he's made available over the years.
Oh, yeah that would not work.
-
@scottalanmiller Honestly, I'm surprised this didn't happen before with how vulnerable his stuff apparently is/was.
-
@travisdh1 said:
@scottalanmiller Honestly, I'm surprised this didn't happen before with how vulnerable his stuff apparently is/was.
Sounds that way.
-
@travisdh1 said:
@scottalanmiller Honestly, I'm surprised this didn't happen before with how vulnerable his stuff apparently is/was.
What makes you say that?
FYI, he has been DDOS'ed in the past, several times. He just doesn't publicize it. One time he was being attacked by a kid - Steve was able to find the IRC channel the kid was using to control his botnet, broke into the IRC Channel and asked him why he was pestering him. At that time I think it was just a prank, but Steve didn't give any more details.
Sure it doesn't take much to knock him off the net - Steve only has a max 100 Mb, but how many sites do? Very few sites pay to prevent themselves from being DDOS'ed at 13 Gb.
-
@Dashrender said:
Very few sites pay to prevent themselves from being DDOS'ed at 13 Gb.
Most do, actually.
-
@scottalanmiller said:
@Dashrender said:
Very few sites pay to prevent themselves from being DDOS'ed at 13 Gb.
Most do, actually.
Most, meaning more than 50%?
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
Very few sites pay to prevent themselves from being DDOS'ed at 13 Gb.
Most do, actually.
Most, meaning more than 50%?
Assuming business sites rather than like random personal blogs and stuff, yes. Business sites, at least "real" ones not including the free site for the diner on the corner, have some degree of DDOS protection. Even my dad's prayer group website does. And it's just for six guys scheduling breakfast.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
Very few sites pay to prevent themselves from being DDOS'ed at 13 Gb.
Most do, actually.
Most, meaning more than 50%?
Assuming business sites rather than like random personal blogs and stuff, yes. Business sites, at least "real" ones not including the free site for the diner on the corner, have some degree of DDOS protection. Even my dad's prayer group website does. And it's just for six guys scheduling breakfast.
Sure, but he also is either an IT pro or has you directing them to use the free service of CF.
I'll agree most, probably over 75% of larger businesses are using something like CF for at least a little protection.
But I really wonder if CF gives protection against 13 Gb attacks to a free customer?
-
@Dashrender said:
But I really wonder if CF gives protection against 13 Gb attacks to a free customer?
Of course they do. They don't work for him, he's a special case. But as a general case, he would have been totally protected here.
-
@Dashrender said:
I'll agree most, probably over 75% of larger businesses are using something like CF for at least a little protection.
It's quite a lot. I've worked with them during some massive government-backed attacks and nothing stops places like China bringing you down, but CF does some impressive stuff.
-
@scottalanmiller said:
@Dashrender said:
But I really wonder if CF gives protection against 13 Gb attacks to a free customer?
Of course they do. They don't work for him, he's a special case. But as a general case, he would have been totally protected here.
Yeah, as I wrote that I was wondering more if the protection would be provided not because they are a paying/non-paying customer, but because of the architecture.
Assuming that all 1 Pb+ bandwidth that CF has isn't being trashed, they are probably just protecting everyone equally.
-
@Dashrender said:
Assuming that all 1 Pb+ bandwidth that CF has isn't being trashed, they are probably just protecting everyone equally.
Sort of, but that isn't how it works. They have DDoS detection and they go to work trying to mitigate when it kicks on. What is and isn't a DDoS is rarely clear and fending one off always involves coordinating everyone involved.
-
@scottalanmiller said:
@Dashrender said:
Steve specifically mentioned CloudFlare during his podcast and made mention that he didn't think it would work for him.
What kind of site is he running? ML can't work behind it because of Websockets. Is his site a blog or what?
This is completely not true. You can use Websockets with CloudFlare, you just have to pay for it. It has been that way since August of 2014.
Your statement is a complete lie.
-
@JaredBusch said:
@scottalanmiller said:
@Dashrender said:
Steve specifically mentioned CloudFlare during his podcast and made mention that he didn't think it would work for him.
What kind of site is he running? ML can't work behind it because of Websockets. Is his site a blog or what?
This is completely not true. You can use Websockets with CloudFlare, you just have to pay for it. It has been that way since August of 2014.
Your statement is a complete lie.
Okay yes, with the enterprise level support which is $11K a month, I've been told, then CF will do this.