Singapore Dedicated Server Bandwidth (Uplink) | Network latency | Environment monitoring
Xssist™ Group Pte Ltd Singapore Dedicated Servers Client Testimonials Blog Community Frequently Asked Questions Contact Page
Singapore Dedicated Servers
Control Panel System
Control Panel System
Xssist Blog

DDOS (Distributed Denial of Service)

It is usual for Singapore hosts to disallow services like IRC. This is mainly to avoid DDOS attacks, which will bring down the provider's network. These attacks can be over 200 Mbps, and will disrupt other hosts within the same datacentre as well.

The attacker usually controls a large number of bots. These can be PC or servers which are hacked, and bots are installed. Given the large number of webservers, running php applications, there are a large number of sites which are vulnerable. Web hosting companies are especially vulnerable, since there are hundreds of websites on each server, and a customer would just click and install an application, such as phpBB, and leave it around for years without upgrading.

Such applications would be targeted, and they can be found easily through search engines. How? Just search for phpbb and you would get a large listing of sites. The attacker would use any vulnerable site found, and install bots, which can be something as simple as a 30 line perl script, which just listens on a port, and wait for the command to send out udp packets to flood the victim.

What happens to so called dedicated bandwidth then? If a provider gives you a dedicated 2 Mbps connection, why should the provider be concerned whether or not you host IRC servers? If you get attacked, wouldn't it be limited to the 2 Mbps? The answer is no. The provider uses a packet shaper or rate limit your connect to 2 Mbps. However, your provider can not control the amount of traffic going into his connection that he gets from his upstreams.

Therefore, if a server that has a "dedicated" 2 Mbps connection gets flooded with 200 Mbps of UDP packets, your provider needs to have more than 200 Mbps to withstand the attack.

In a DDOS on bandwidth, the victim must have more resources than the attacker. As long as the attacker can gather more bandwidth than the victim, the victim goes down. Since the victim needs to pay for his bandwidth, it is essentially limited. The attacker can gather "free" bandwidth.

How about firewalls, and appliances which claim to prevent or mitigate DDOS? Installing a firewall on your own link, which is 2 Mbps or 10 Mbps does not help at all. By the time the traffic reaches your firewall, it is utilising your bandwidth; and if the traffic is 200 Mbps, your 10 Mbps link is congested. A firewall at your upstream will help, if your upstream have 1 Gbps, and filters out all the DDOS traffic, leaving you with your usual traffic. However, your upstream gets additional 200 Mbps of unwanted traffic.

Essentially, it is a matter of resources. Your upstream can block the traffic, and make it look as if the attack has stopped, but the upsteam must have resources that is greater than the attack, and must be willing to do so.

What usually happens is that the Singapore datacentre gives up, and null routes the IP that is attacked; wait out the attack, usually a few days, and unblock the IP thereafter. This can be disastrous for a IP used for hundreds of sites, such as on a shared web server.

If you have comments, particularly if you use or represent a Singapore datacentre that can provide protection against DDOS on bandwidth, please send your comments via the contact form.

[Sysadmin] Access to servers via mobile device and ssh
[Sysadmin] RAID 0 scaling on SCSI U320, Bonnie++ 1.93c benchmark results
[Sysadmin] TODO (Apr 2007)
[Sysadmin] Recover from mistakes in /etc/fstab or e2label usage
[Sysadmin] Server overloaded?
[Sysadmin] Server load high: CPU bound
[Sysadmin] Smokeping: deluxe latency measurement tool
[Sysadmin] Smokeping
[Sysadmin] Jul 08 to Oct 08 updates
[Sysadmin] Weak link - downtimes caused by the organic being
[Sysadmin] BIOS upgrades - uniflash - hotflash
[Sysadmin] Sizing for Virtual Private Server (VPS) & SSDs
[Sysadmin] iphone, ipod - bluetooth keyboard - Nokia e51
[Sysadmin] e2label, fdisk, /etc/fstab, mount, linux rescue, rescue disk, CentOS
[Sysadmin] opensuse, fix waiting for mandatory device, eth0, eth1, eth2, eth3
[Sysadmin] mount: could not find filesystem '/dev/root'
[Sysadmin] Parallels Virtuozzo Physical server to Container migration (vzp2v)
[Web hosting] DDOS (Distributed Denial of Service)
[Web hosting] Uptime for dedicated server, VPS and shared server
[Web hosting] Shared, Guaranteed and Dedicated Bandwidth
[Web hosting] Unmetered bandwidth
[Web hosting] Free domains?
[Web hosting] Joomla Scalability
[SPAM handling] Tracking applications which are exploited for mass spam mailing
[Buzzwords] Clusters, Clustering
[Security] Destruction of faulty hard disks
[Storage] Benchmark using iometer on linux
[SSD] Benchmark Intel X25-E and Intel X25-M flash SSDs
[SSD] Intel X25-E 64GB G1, 4KB Random IOPS, iometer benchmark
[SSD] Intel X25-M 160GB G2, 4KB Random IOPS, iometer benchmark
[SSD] Comparison of Intel X25-E G1 vs Intel X25-M G2
[cPanel] ClamAV version has reached End of Life! Please upgrade to version 0.95
[cPanel] How to install Java, ImageMagick and ffmpeg
[Perl] Opening text files for reading, and simple regexp (regular expressions)