Hi

The short question is this:
Is there stuff out there that will keep downtime near to zero in the case of DoS attacks? Or is a lengthy downtime due to hosting company not having good measures in place?

Background:

I rent a Linux server on a cloud which purports to offer 10000% uptime (really) and the last week has resulted in plenty of downtime as a result network attacks. An alleged 25% of their systems/customers were affected.

Is it 'excusable' that chunks of their network should be offline for "hours" while these attacks take place?

I mean, if I moved to Amazon EC2, would these big guys be less likely to suffer or is it as conceivable EC2 come under an attack and those guys go offline for hours?

Many thanks in advance.

Kevin

Everyone is vulnerable to bandwidth DoS attacks. That said, the more money the company has (or its ISP), the better they will be able to mitigate an attack. If this company went offline for too long (subjective) then it's a good indicator of them not having the resources (whether technical or financial) to deal with a major bandwidth attack. At the very least, it would mean they didn't have an adequate contingency plan. BTW, isn't 10,000% mathematically impossible in the context of availability?

Firstly, thanks for this feedback! That's a very interesting read and I'm very grateful to get that.

On the math front...

100% uptime would be adequate but the company claims that for every hour of outage they give you 100 hours of free time.
They have somehow copyrighted/protected that statement and it is subject to their SLA/TnC's.

In reality, it actually gives false sense of security requiring a claim be put in to get the time back (which would also mean re-reading the smallprint to see if you qualify. No doubt a DoS attack is an 'Act of God' dunno - should have studied it more).

I constructively humiliated them on my blog last night and they are obviously monitoring various feeds because I got a quick reply saying it's not their fault, bla, bla.. hence my original post..

Fairness in all things.. but if they are not up to the mark when they claim to be then others need to know about it - the internet seems to be a line of defense in keeping big companies on their toes.

Hi,

There is stuff out there to guard against Dos and DDos attacks....much of it probably depends on how deep your pockets are, or those of your service provider, where you may get an advantage from a company like Amazon.

That's something only you/your organisation can answer really. Is the level of service you've received adequate for your needs? Can you justify the potential increased costs to get increased protection? E.g. where I'm working it would certainly be embarrassing and I wouldn't like the site being down for an extended period over the week but I doubt we could justify the likely costs of buying in DDos mitigation.

Cheers,
Steve