

5 facts about DDoS attacks - centarra
http://centarra.com/2014/03/14/5-facts-about-ddos-attacks.html

======
jgrahamc
_The number of exclusively layer 7 attacks we 've seen since beginning this
project is basically zero._

I'm happy that for you that you don't see these attacks, because I can tell
you that we see Layer 7 DDoS attacks frequently, but perhaps just go read HN
story #1 about the Github DDoS.

~~~
nenolod
The Github attack was a volumetric flood, this most certainly has layer 3
properties.

The post clearly discusses layer7 floods which do not have layer3 properties
(such as slowloris.pl, rudy.pl, etc.) which are uncommon.

It would be a safe bet to say that the Github attack had layer-3 properties.

~~~
jgrahamc
_After some investigation, we discovered that we were seeing several thousand
HTTP requests per second distributed across thousands of IP addresses for a
crafted URL._

That sounds like layer 7 to me.

~~~
nenolod
This has layer3 properties, such as connection rate, and was most likely
mitigated using layer 3 filtering.

------
pktgen
Everything in this post is accurate. L7 protection at the endpoints (use 10GbE
ports if necessary), L3/L4 protection in the network. And although I've never
heard of the company, nenolod knows what he's doing.

Suggestion for them: improve your site, fix the colocation 404, provide info
about your locations (perhaps it's available if I register for your client
portal, but I don't want to do that until I know it would otherwise meet my
needs), provide info about your network (transit and peering).

------
Slumberthud
Hey, this Centarra sounds cool! [Click on "Colocation" link at top of web
page.] 404 Not Found.

------
ecaron
tl;dr; "Every solution that isn't made by us isn't good."

~~~
DiabloD3
Its a true statement. I have personally evaluated almost every DDoS solution
(either by looking at reports on how well they fared often posted on HN, or by
having sites I regularly use go down because the solution they bought failed
them), and I ended up going with Centarra because they're the only ones that
don't have a history of failure.

