(no title)
janinge | 12 years ago
One of my servers were once used in a amplification attack (DNSSEC...) for a few days before I noticed. I guess Hetzner didn't detect this because just the uplink got saturated. Had to manually request a null route so I could SSH to another IP alias on the box. I wouldn't mind if they automatically did this for me since the offending IP would be unavailable either way. At least they don't charge you for DDoS traffic, like my current European budget provider does.
If you move to something like Cloudflare, make sure to at least firewall off everything but their IP addresses. Otherwise it will be trivial for the attacker to connect to all the port 80's in the IP allocation to the provider they know you were using, and compare the responses to what they get from Cloudflare, to obtain your service's origin.
No comments yet.