Linode Forum
Linode Community Forums
 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic
Author Message
PostPosted: Mon Oct 15, 2012 12:03 pm 
Offline
Senior Member

Joined: Tue Aug 14, 2012 5:55 pm
Posts: 82
I have read these negative reviews about linode that it is unable to mitigate DDos attacks and will block my ip for sometime to keep other customers safe ?

Here is the link http://www.lowendtalk.com/discussion/4706/why-linode-sucks-a-personal-rant

I have two linodes and about to purchase third one but this needs to be answered before I go ahead.


Top
   
PostPosted: Mon Oct 15, 2012 12:17 pm 
Offline
Senior Member

Joined: Sun Sep 13, 2009 11:37 pm
Posts: 65
Is this a true account of how Linode handles DDOS? If so, this is fairly disturbing. I cannot afford to have my site go down for a minimum of 24 hours due to a script-kiddy.

I mean, if it does down for 24 hours as I try to fight the DDOS and get it back up, that's one thing. But going down for 24 hours because Linode black-holes me is kind of BS ...

Any response from Linode on this?


Top
   
PostPosted: Mon Oct 15, 2012 12:19 pm 
Offline
Senior Member

Joined: Mon Jul 05, 2010 5:13 pm
Posts: 392
If the DoS is small enough that you can "fight it", you're not going to get null routed.


Top
   
PostPosted: Mon Oct 15, 2012 12:25 pm 
Offline
Senior Member

Joined: Tue Aug 14, 2012 5:55 pm
Posts: 82
Quote:
If the DoS is small enough that you can "fight it", you're not going to get null routed.


You think a customer will go ahead get services from linode just hoping that DDos will be "small" ? Definitely not !


Top
   
PostPosted: Mon Oct 15, 2012 12:26 pm 
Offline
Senior Member

Joined: Mon Jul 05, 2010 5:13 pm
Posts: 392
sami1255 wrote:
You think a customer will go ahead get services from linode just hoping that DDos will be "small" ? Definitely not !


I actually didn't say anything like that at all.


Top
   
PostPosted: Mon Oct 15, 2012 12:29 pm 
Offline
Senior Member

Joined: Tue Aug 14, 2012 5:55 pm
Posts: 82
akerl wrote:
I actually didn't say anything like that at all.


True. I am actually trying to make a point, if the said article is correct, then linode seriously need to develop security structure for all customers. Otherwise no ones gona buy any excuse.


Top
   
PostPosted: Mon Oct 15, 2012 12:30 pm 
Offline
Senior Member

Joined: Wed Feb 13, 2008 2:40 pm
Posts: 126
I think it's BS that you expect Linode to leave thousands of other paying customers (and nevermind the likely effect on non-Linode customers in the same datacenter!) inaccessible while you "fight" a DDoS.

If you want DDoS protection, you need to pay more. There are providers out there that advertise that feature.


Top
   
PostPosted: Mon Oct 15, 2012 12:34 pm 
Offline
Senior Member

Joined: Sun Sep 13, 2009 11:37 pm
Posts: 65
That's not at all what I'm suggesting. The article claims Linode black-holed his website for a 24 hours minimum and would not provide him with any information whatsoever beyond that. It's a situation where you are completely fucked with no ability to investigate.

I"m not suggesting Linode compromise other people's boxes because you got DOS'd. But shutting you down for 24 hours with no information and no status reports is not how I would expect the situation to be handled.


Top
   
PostPosted: Mon Oct 15, 2012 12:50 pm 
Offline
Senior Member

Joined: Tue Aug 14, 2012 5:55 pm
Posts: 82
Its just a horrible thought to have clients calling "our business is down do something" while I wait for linode to open up after 24 hours. if true its simply absurd !


Top
   
PostPosted: Mon Oct 15, 2012 12:57 pm 
Offline
Senior Member
User avatar

Joined: Sun Dec 27, 2009 11:12 pm
Posts: 1038
Location: Colorado, USA
What hogwash, the rant goes on to say "Linode customer service is not a team player".

Lets see, they take steps to protect tens of thousands of customers at the inconvenience of ONE client and they're not a team player?

Bwahahahahahahahaha.

As to no info, they explained that YOUR DDOS problem was effecting THEIR network. How much more info do you need.

If a 24hr downtime grossly effects your online business, then you need to take steps BEFORE it happens to prevent it. Bitching about your provider when THEY take steps to prevent it from spreading just shows how clueless you are about running a 4 or 5 nines operation.

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.


Top
   
PostPosted: Mon Oct 15, 2012 1:09 pm 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 10:32 pm
Posts: 246
Location: NJ, USA
We do monitor our network closely and when a DoS attack disrupts the quality of service of other customers we null route the target.

We have big pipes, network equipment, manpower, and tools to keep these occurrences to a minimum. We communicate status reports with the customer throughout the entire process. The null route is periodically checked and is lifted when the attack subsides enough that it does not negatively impact other customers. This is most often less than 24 hours.


Top
   
PostPosted: Mon Oct 15, 2012 1:54 pm 
Offline
Senior Member

Joined: Sun Sep 13, 2009 11:37 pm
Posts: 65
[quote="tasaro"]We do monitor our network closely and when a DoS attack disrupts the quality of service of other customers we null route the target.

We have big pipes, network equipment, manpower, and tools to keep these occurrences to a minimum. We communicate status reports with the customer throughout the entire process. The null route is periodically checked and is lifted when the attack subsides enough that it does not negatively impact other customers. This is most often less than 24 hours.[/quote]

This is what I was wanting to hear. Given the tone of the blog-post, I expected it was a bit exaggerated. As long as Linode will monitor and communicate the status and lift the black-hole when the DOS ceases, that seems reasonable to me.


Top
   
PostPosted: Mon Oct 15, 2012 4:38 pm 
Offline
Senior Member

Joined: Sat Jun 05, 2004 12:49 am
Posts: 333
Considering it comes from LEB/LET those aren't going to be unbiased reviews. Non-trivial amount of those people are providers who probably have no clue how to run a business.

Check out the Deadpool on how many of these 'great' providers go away: http://www.lowendbox.com/category/deadpool/

If Linode did suck as much as they say, and they're so much better, why exactly havent they taken Linode's business?


Top
   
PostPosted: Thu Dec 06, 2012 9:09 am 
Offline
Senior Newbie

Joined: Sun Dec 02, 2012 7:52 pm
Posts: 10
This is a disappointing post since I’m just on the verge of choosing Linode… It's just the first negative view that I find. Although Linode communication sounds reasonable, I can help to think that if I were the owner of the DDOS’ed site, I would want a bit more sacrifice from a hosting team (and I’m not saying it didn’t existed in that particular case)… I mean, the "Servers on demand. Support that cares" kind of help...
And by the way…

akerl wrote:
If the DoS is small enough that you can "fight it", you're not going to get null routed.

Are you serious??? I think this is a somewhat unfortunate answer..(But that’s just me).

Alucard wrote:
If you want DDoS protection, you need to pay more.(...)


In my view that’s not a valid argument, but I guess you should feel free to start donating to them!!!

sami1255 wrote:
Let’s see, they take steps to protect tens of thousands of customers at the inconvenience of ONE client and they're not a team player?


This just makes the opposite point of what you intended!! I mean, a team player wouldn't differentiate between the tens of thousands and the poor guy that's being screwed up with the DDOS attack!! If you don't agree with me now, just wait until you're that ONE guy! Then come back and tell us...

Still,

sami1255 wrote:
I have two linodes and about to purchase third one …

If you’re going for the third one I suppose you’re happy with the service, I mean, why would you give more credit to this blog post than you do to your own experience?

@deadwalrus is probably right
deadwalrus wrote:
Given the tone of the blog-post, I expected it was a bit exaggerated...

... the unwise and destructive tone of the blog-post makes more case than the majority of the answers in this thread. I wonder why is that?

Please don’t take my words out of context (as I’ve seen before). I’m not saying Linode should disregard the safety of other customers or their own, but I would/will expect them to bear with me especially on complicated situations. That’s what team players do!!

By the way, I’m just a noob… don’t know much… and that’s just an opinion on my first post.


Top
   
PostPosted: Thu Dec 06, 2012 2:04 pm 
Offline
Senior Member
User avatar

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
Well, Linode's approach is basically the same as almost every other hosting company:

1) If the attack is not impacting other customers, they let you deal with it yourself (as there are mitigation techniques you can use on the target)

2) If the attack is impacting other customers, they try to minimize the damage by null-routing you

If an attack is large enough that it impacts multiple customers, there isn't really anything a host can do EXCEPT null route you. Some hosts offer specific DDoS protection. This is generally done in one of two ways:

1) Dedicated DDoS mitigation hardware that works with a hardware firewall to attempt to filter out much (or all) of the attack at the edge of the network. This only works for medium sized attacks, because it is ineffective if the attack is big enough to cause performance problems even at the edge of the network.

2) Throw massive amounts of bandwidth at the problem, making it difficult to bring down a target inside the network. This one is basically "dramatically over-engineer your network with the sole intent of handling large DDoS attacks".

Both of these approaches are expensive to implement, the second one extremely so (since it involves over-engineering EVERY level of the service). Linode can't afford to incur those sorts of expenses to mitigate DDoS attacks, so the only remaining option is thankfully the one that is most effective: null route. With this approach, the attack is completely negated because there is no longer any IP to attack.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group