Free DDoS protection for everyone?

DetectiveIf you are using shared web hosting, VPS, or a dedicated server, and your web host offers free DDoS protection than you may want to inquire about what kind of protection. Some web hosts may promote or offer free DDoS protection that isn’t really protection. This protection works by null routing the target IP address of the attack.

If you have a shared web hosting account, VPS, or dedicated server with a dedicated IP and it becomes a DDoS attack target. A web host that offers free DDoS protection for you could come in and null route your own IP address for that server!

If your web host is not giving you the numbers, like protection from at least a 2 Gbps or 2 million packets per second attack than you should start worrying. If you come under a DDoS attack, the only protection you will be getting is from your web host’s billing department because your web host would null route your IP address.

Real DDoS protection requires scrubbing the traffic

A web host that offers real protection will scrub all the traffic going to your web server and only allow clean traffic. Your server won’t notice anything because the web host would be doing all the work on their end before the traffic touches your server.

DDoS protection from your web host’s billing department

A web host that offers DDoS protection that involves null routing your IP address is technically offering a form of DDoS protection. This is not the type of DDoS protection you want. When a DDoS attack occurs your bandwidth usage will spike if your web host doesn’t null route your IP address or migrates the attack. When your web host nulls route your IP address, they are offering a form of DDoS protection but this method is the default method for a lot of web hosts when any server is under attack.

Some web hosts may not do anything and let you incur bandwidth overage charges. Most web hosts will null route your IP address to prevent this from happening. The DDoS protection you want is, one where your web hosts scrubs the traffic and only permits the legitimate traffic to reach your server.