Our DDoS protection solution is represented worldwide.
Currently we have hundreds of customers in 117 cities all over the world. And we continue to develop!
If your city is still out from the map, let’s join us to add!
Our company has been using DPS from Terabit Security to improve detection the malicious traffic targeting our cloud infrastructure. The improvements provided by this tool help us to detect and trigger mitigation techniques at early stage before the situation evolve to critical stages, when availability starts being affected. DPS empower users to customize thresholds based on their own traffic patterns, as well integrate with other tools such as time series databases and anomaly detection algorithms. We are truly grateful to Pavel and all the contributors, and wish the project further success making DDoS detection open source and free accessible to internet community.
We have recent implemented DPS for alerting of DDoS attacks on our network as well as automatically triggering blackhole action. It is great to see an active community of DPS users as well as a rapid pace of new features being added to the platform. The main feature that attracted me to DPS was the support for handling multiple input methods simultaneously (sflow, NetFlow and on-the-wire capture).
We have been using DPS from Terabit Security for about 2 months for early detection of DDoS attacks towards our customers.
Currently we are monitoring ~ 1000 subnets and using traffic samples collected via sFlowv5 protocol configured on our core switches.
The DPS is running on a virtual server with 1 CPU core (Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz) and 4 Gbps of RAM.
We are monitoring only incoming traffic and do not use any scripts, bgp announcement, etc. At the moment we use it as notification tool only.
DPS is great tool, efficient and reliable. Its installation is easy as a,b,c.
DPS kicks ass!
The best thing we can tell about DPS from Terabit Security — it’s simple, but extremely powerful.
We use DPS to analyze traffic from our border switches and make decisions on protecting our network automatically.
With DPS and 10 lines of bash code we decide to ban, re-route or simply do nothing with the attack while informing the customer about the issue within couple of seconds after the problem arisen.
Here at yourserver.se we run DPS in highly available mode — border switches send sFlow statistics to both datacenters simultaneously,
DPS integrates with ExaBGP, which announces the attack destination back to the switches, marked with the BGP community we need to make the
correct protection decision: either blackhole, block UDP flood or just notify the customer.
We are looking into integrating DPS with graphite to give our technical support team better look on the attacks and to have even better analytics.
We’d like to thank Pavel, the creator of DPS, for active and continuous development of DPS and, of course, for avoiding many sleepless nights and customer complaints
myVirtualserver is a VPS hosting company and Internet Service Provider in Western Europe (Germany). We had many customers complaining about incoming DDoS attacks and packet loss, caused by outgoing DDoS of customers.
Every time the problem was reported or we noticed that the incoming/outgoing traffic is really high we needed to manually log into the host and find out what’s the problem. Sometimes we even weren’t able to log into the server because the link was completely flooded and we were forced to use the KVM over IP. If it was incoming DDoS then we had no choices and the only option was to nullroute/blackhole the customers IP. Nowadays we are using asynchronic routing. Incoming traffic is filtered by Voxility SRL and outgoing sent through several providers(Cogent, …).
DPS from Terabit Security really improved our workflow and helped us maintain a stable network. The traffic flow is exported to graphite by using DPS’s sFlow implementation. Additionally the statistics (See: ATTACK_REPORT_EXAMPLE.md) provided by the toolkit are automatically parsed by our system, and the customer is informed about this incident. If it’s outgoing one we make clear that we do not tolerate DDoS and the service may be suspended. Additionally a report is automatically sent to the administrator’s phone (Boxcar Mail integration). In the last few days not one outgoing attack has been detected. DPS gives us insight about the several attacks targeting our network each day and we can now handle this flawlessly. If Voxility is not detecting an attack (only barely happens) we are able to respond within seconds and mitigate the attack manually. Our network statistics are in real-time thanks to Terabit Security. Attached you will find a picture of our current dashboard
In general we can say that we’re really happy that such a toolkit exists. Without it the daily life of every network administrator would be much harder and personally, I don’t want to spend my whole day solving network incidents and answering tickets from concerned customers. Today I have much more time, focusing on more important things like developing new features for our hosting environment or fixing bugs. I can rest easily without hearing my phone ringing because some services are down as before. Hereby I’m thanking Pavel for his great toolkit licensed under the GNU v2 license. Additionally we had some nice Skype conversations about other topics like OpenVZ virtualization, as be both share the same passion about container virtualization and I can’t thank him enough. Keep it up!!!
In August 2015, we launched Vscale, a new service that offers low-cost virtual servers specially designed for developers. There was the risk that inexpensive, custom virtual machines may attract clients planning to organize various virtual attacks over the Internet. That is why we decided to create a mechanism for the fast identifying and preventing such incidents and determining which of our clients were under attack.
These issues were initially resolved visually using graphs of our channel loads and the results of a netflow analysis. With netflow, traffic is processed with a 2 minute delay (30 seconds for flow timeout on routers and 1 minute between launching traffic analysis scripts on the collector).
That is why for real-time traffic monitoring, we began to use sFlow. It reacts much faster to network anomalies and sampling is not essential when using data to determine an attack. Moreover, sFlow lets you retrieve information about traffic directly from the connecting ports of the end host.
To analyze traffic, we decided on DPS from Terabit Security. When it proved its effectiveness in identifying anomalies in network activity, we wanted to scale this solution to our other services (like Cloud Servers, Cloud Storage, Dedicated Servers, etc.). The DPS’s author quickly and professionally made the necessary updates for this.
We have been working with DPS for one month with +65Gb/seg, and every day there were attacks and 569 networks; the feedback is very good, we have Arista switches on main network working with sflow.
Total number of monitored hosts (total size of all networks): 757184
PrimeTel was looking for enhancing its ability to detect and filter DDoS attacks coming into its network. DPS from Terabit Security has shown to be the most effective solution for this activity. Compared to other options, cost of integration was very competitive and we now get an insight into an attack within a minute. This allows us to activate necessary mitigating measures almost immediately.
