Teamspeak 3 Anti-DDoS Provider List

[Hydra]

Well they changed routing for polish ISP-s, so that polish users don't get timed out/loss. Considering that, I wouldn't think they would jump the ship very fast, since most of their userbase will be unaffected.
For me. Well I'm getting f*cked all time, cause mostly the issues are on the telia upsteam. 90% of my userbase uses telia based ISP. Changing cause of that soon. Other than that hosteam.pl is one of the few hosts that actually stays usable when you get ~50gbit flood. Until you hit their nullroute cap, their filtering is still one of the best ones out there. I'd say Ovh GAME, livingbots, hosteam.pl, link11 hybrid are the only four host that stay usable under ~50gbit flood.

EDIT: To add to the telia problem on hosteam.pl . This only started a month ago for me. I was a happy customer for 6 months before that with no network problems.

Its a understandable move to solve the problem first for their main user base. Maybe they will solve it soon for other users. Or they will limit their service to polish.

 

[oalaro]

Its a understandable move to solve the problem first for their main user base. Maybe they will solve it soon for other users. Or they will limit their service to polish.

Seems like I have also been affected by the routing change on hosteam.pl . In a good way, since connection has been stable for the last 5 days. 7ms extra but that doesn't bother me. Stable connection is all i want. It seems like they are doing some work on the telia link, since the ip that was assinged to it before isn't responding.

 

[oalaro]

One more reason not to use Staminus EVER.
https://leakforums.net/thread-691896
https://krebsonsecurity.com/2016/03/hackers-target-anti-ddos-firm-staminus/
http://hastebin.com/raw/oweyukamuj

 

[kingston]

One more reason not to use Staminus EVER.
https://leakforums.net/thread-691896
https://krebsonsecurity.com/2016/03/hackers-target-anti-ddos-firm-staminus/
http://hastebin.com/raw/oweyukamuj

So? It was a rare, unusual incident and every single service provider might have one or already had one. This includes your favourite (and pretty lame with their cheats) Hosteam that still needs to become a target, too. I hope that i will see you here then, writing so vigorously about not using Hosteam ever.

Not long ago i wrote about a serious incident in OVH where about 700 servers were rooted and targeted at OVH's canadian site which caused one of their links to go down instantly. Things like that happen and will happen. In 2014 even CloudFlare got hit and those 400gbit basically nailed them down. Would you run around instantly and tell people not to use CF ever? And in case of Hosteam just a fraction of that would fry them instantly...

 

[Qraktzyl]

Yeah but let's be honest here, you will never be targeted directly unless you have a lot of ennemies / competitors. (with 400 gbps lol)

 

[kingston]

We still don't know what has really happened there. Owning their edge devices, like routers, doesn't seem like a normal thing to me. They somehow got a root pass and that's it. Still they had to get access to the internal network first to login. Smells like some ex-sysadmin's revenge or bribed worker to me. And i really don't believe that company like that uses one password for all routers. I also don't believe that any security company stores CC numbers in plain text.

Could it be a perfect setup? I think so.

 

[rofl cake]

i really don't believe that company like that uses one password for all

You will be surprised how often this is true.

I also don't believe that any security company stores CC numbers in plain text.

cc numbers, perhaps not. However plain text format for other things other than just cc numbers is very true.

 

[kingston]

Yes, it might be true but on encrypted filesystems. And still not with CC. I just don't quite buy it and i insist that it was rather a setup by some insider or ex-worker. They were totally owned and made look like a bunch of fools and amateurs basically. Guess we will never know.

 

[oalaro]

This includes your favourite (and pretty lame with their cheats) Hosteam that still needs to become a target, too. I hope that i will see you here then, writing so vigorously about not using Hosteam ever.

What's up with your personal beef with me? I gave my honest opinion on hosteam.pl-s DDoS protection. You seem to have personal disgust for them. Now you think that everybody should hate them. Also I gave them a fair share in blame when their telia uplink was getting dropped every other day.

And in case of Hosteam just a fraction of that would fry them instantly...

And I'm fine with that. Most kids with booters will never reach nullroute limit, or else no-one would use the host like half of gamtrackers top 30 server do.

Not long ago i wrote about a serious incident in OVH where about 700 servers were rooted and targeted at OVH's canadian site which caused one of their links to go down instantly.

This is user error that the servers got rooted, not OVH-s. OVHs fault was that they didn't have failchecks for internal DDoS that might happen.

In 2014 even CloudFlare got hit and those 400gbit basically nailed them down.

They never got Cloudflare itself down. They attacked CloudFlare's direct peers and IX-s directly that resulted in a local disruption.
https://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet/

Once the attackers realized they couldn't knock CloudFlare itself offline even with more than 100Gbps of DDoS traffic, they went after our direct peers.

Beyond attacking CloudFlare's direct peers, the attackers also attacked the core IX infrastructure on the London Internet Exchange (LINX), the Amsterdam Internet Exchange (AMS-IX), the Frankfurt Internet Exchange (DE-CIX), and the Hong Kong Internet Exchange (HKIX).

The examples you make have nothing to do with personal information, like Staminus leak has. This is beyond bad service + downtime. Also their have been confirmations that the plaintext CC info is correct.

~ Use one root password for all the boxes

~ Expose PDU's to WAN with telnet auth

~ Never patch, upgrade or audit the stack

~ Disregard PDO as inconvenient

~ Hedge entire business on security theatre

~ Store full credit card info in plaintext

~ Write all code with wreckless abandon

 

[kingston]

This is not about me. It's about you. Lots of bullshit to correct again. I will get back to this later today.

 

[0x0539]

This is not about me. It's about you. Lots of bullshit to correct again. I will get back to this later today.

Lol'd.

 

[rofl cake]

i insist that it was rather a setup by some insider or ex-worker.

I agree with you. It's to shady of a coincidence for this type of a targeted attack. Perhaps this "public" "leak" has some deeper meaning than just some rampage Joe ex-employee.

 

[Hydra]

I will later add ddos-guard.net and psychz networks to the list. Im in hand of them at the moment and testing their behavior under ddos.

 

[oalaro]

I will later add ddos-guard.net and psychz networks to the list. Im in hand of them at the moment and testing their behavior under ddos.

Looking forward to ddos-guard.net review.

 

[denka]

ddos-guard only supports TCP at least they only did when i contacted them a few months ago

 

[Hydra]

Looking forward to ddos-guard.net review.

Alright I tested ddos-guard and its pretty solid. But theres an often used attack which going trough the filters. Also they are extremly pricely in bandwidth.

 

[Rijndael]

We still don't know what has really happened there. Owning their edge devices, like routers, doesn't seem like a normal thing to me. They somehow got a root pass and that's it. Still they had to get access to the internal network first to login. Smells like some ex-sysadmin's revenge or bribed worker to me. And i really don't believe that company like that uses one password for all routers. I also don't believe that any security company stores CC numbers in plain text.

Could it be a perfect setup? I think so.

What really happened is simple.... Shellshock. That attack occurred when the shellshock bash vuln was discovered. Attackers launched attacks to different internal nodes using ovh's own "shockvulnerable" servers, they got lucky, since there was no defence mechanism in use on ovh's internal network at that time

OVH also mentioned this on an official post.

 

[graphic]

DDoS-Guard filters just fine! only the special ts3 attack comes through.

 

[freets3.ovh]

just buy a game server from ovh, and bye the ddos

 

[oalaro]

Spoiler

Dear Customer, we're excited to inform you that new 800Gbps DDoS Protection is now in public beta into SeFlow Network

Scrubbing center mitigation techniques alone are not designed to manage today’s highly sophisticated and distributed attacks. You need to deploy a multi-layered security approach backed by extensive threat research to defend against a variety of attack types. Only network-based DDoS mitigation solutions can provide realistic protection to enterprise resources. SeFlow created a SOC department, pool of security expert team, avaiable 24x7 to keep your data safe and protected.

How SeFlow can protect up to 800Gbps (4.2Tbps on know patterns)? We're now partner of Level 3 Communications and our network is now protected, for volumetric attack, by the whole Level 3 Networks. Special and dynamics rules was applied on all Level3 router and firewall ensuring 4.2 Tbps DDoS Protection for well know attacks, like DNS, NTP, SNMP, Chargen Amplifications and much more.

As second defense layer we had various sensors that analyze traffic and if an anomalies is found, redirect the IP to our filters. Filters are a cluster that can absorb up to 80Gbps of dirty packets. Traffic will be analyzed, cleaned and injected into the network. Our filters analyze in real-time any attack to guarantee enterprise grade protection in any condition, no matter if attack changes.

Avaiable Plans? We want ensure that every customer will be able to keep protected and we created new plans.

• DDoS Protected IP: You can protect single ip address at only €9 /m. You will have access to our SeGuard Anomaly Panel. You will be able to monitor anomaly in real-time or create stats, report and much more. Any existing IP can be converted in DDoS Protected IP without downtime. Just open a ticket to our SOC department and we will do it. No changes needed at yout end.
  
  
• Whole Server: You can protect entire server for only €49 /m, no matter how many ips you have on it. You will be able to monitor anomaly in real-time or create stats, report and much more. Any existing server with free protection can be converted in a DDoS Protected Server without downtime. Just open a ticket to our SOC department and we will do it. No changes needed in your end.
  
  
• Remote DDoS Protection: Remote DDoS Protection is also available for clients who require mitigation services at their own facility. Using GRE tunnels, we can divert traffic to our network for inspection, analysis and filtering to ensure high availability of your online business or project. Price start from €400 /m with 500Mbps clean pipe.

What's next? We're moving some DDoS Protected Customers in our new SeGuard system and will start the public beta. After this stage all existing DDoS server will be migrated into this platform and legacy SeGuard will be discontinued. We will launch full service description and ability to buy it online in next days.


For existing or new customers that can't wait we can start protect immediately, please open a trouble ticket to our SOC ( https://manage.seflow.it/index.php?/tickets/new/ ) and you will enjoy the power of our new protection. Everybody will submit any DDoS Protected plan during this stage, will have 20% full discount for life.

Thank you for choosing SeFlow Internet Service, our new SOC department is impatient to show all his experience in Network Protection.

SeFlow.Net Team

Seems promising.