Announcement

Collapse
No announcement yet.

ddos attacks

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ddos attacks

    Hello,

    since a few days i am suffering from ddos attacks. One of the options is to shut down the server and to wait. These attack will go on for sure a few weeks.

    My question:

    If i have a lets say 3 servers with "unlimited traffic" is it possible to switch automtically to another ? If it is so what do i have to do with the dns setting and nameserver settings ? Unfortunetly i donīt have any experiance with this settings. Hope you got my point .

    king regards

  • #2
    Round robin dns yes.

    You should null route the IPs' under attack.
    And update the packet drop mods for apache and other softwares that could handle detect what to accept and what to drop
    It helps a little.

    I hope you catch the lamers who do this.

    Comment


    • #3
      Another option is moving to a network that has (D)DoS protection like Cisco Guard / Tippingpoint.
      ...

      Comment


      • #4
        If you have CPanel, you can also install a firewall (that works well with it)...

        http://www.webhostgear.com/61_print.html
        www.MJWebhosting.com - (Vbulletin Forum Hosting)
        www.MercuryServer.com - (Our vBulletin forum Managed & hosted by MJWebhosting)

        Comment


        • #5
          Contact your network provider and ask them to null route the IP addresses attacking your site.

          Comment


          • #6
            The problem with DDoS attacks is that they rarely originate from any single IP address and are, therefore, a bit tricky to stop. Most of these attacks are implemented using compromised Windows boxes (sometimes hundreds or thousands at once). It might be best to try to configure iptables to start dropping the packets (not DENY). Also have your host try filtering them out as well. DDoS is extremely hard to combat especially if there are compromised web servers with 100MBPS+ trunks spitting out packets too.

            The problem is that the law turns a blind eye to most of these attacks. If they would start handing out 30 year+ sentences to a few of these script kiddies then you might see a slowdown in this type foolishness. The only way to stop it is to make the price so high (if caught) that it isn't worth the risk.

            Comment


            • #7
              Originally posted by Digital2
              The problem with DDoS attacks is that they rarely originate from any single IP address and are, therefore, a bit tricky to stop. Most of these attacks are implemented using compromised Windows boxes (sometimes hundreds or thousands at once). It might be best to try to configure iptables to start dropping the packets (not DENY). Also have your host try filtering them out as well. DDoS is extremely hard to combat especially if there are compromised web servers with 100MBPS+ trunks spitting out packets too.

              The problem is that the law turns a blind eye to most of these attacks. If they would start handing out 30 year+ sentences to a few of these script kiddies then you might see a slowdown in this type foolishness. The only way to stop it is to make the price so high (if caught) that it isn't worth the risk.
              A few points:
              -Not necessarily Windows boxes
              -Can't punish because its typically almost impossible to track down who was responsible (these script kiddies you speak of are typically behind multiple proxies in different countries)
              -In large (D)DoS attacks, a hardware firewall / DoS mitigation system becomes necessary or the IPs need to be null routed or the box gets slammed and can't handle dropping or denying the bad packets
              ...

              Comment


              • #8
                In the old days the dosnet was mostly build from rootkitted linux systems using t0rnkit or stacheldrahtv6 etc. Windows came in later when 12 year olds started to figure out they couldn't actually hack - and only exploit unsecured windows machines.

                Most think that these days you are uncatchable if you do a DDoS because everybody says so. That's defn. not the case. Maybe you are if you take precaution; but because most think they are invincible they simply don't do that. Precaution being to not use your home system to initiate the attack, your IP to login to the remote dronenet or host the irc network they usually run from a provider where they signed up using their real details. etc.

                More and more DoS attacks are being taken serious. Fighting it costs money, effort, time and resources and providers don't like to invest to fix. Helping out trace people is less expensive and less time consuming and helps prevent future attacks from the same net and create awareness.

                The web site of the ministery of defence in the Netherlands got attacked and those kids got busted. And check the news, more and more news items about kiddies getting caught. But yes, it is quite hard and annoying. And there will always be 12 year olds on the internet. Are their parents lacking in educating / raising their kids?

                Don't mistake the script kiddies with the professional 20+ year old groups that criminal groups or even enterprise companies use / hire. It is a big difference. They are out there, in masse even, and authoraties appear to not even have a clue where to start looking or on how to infiltrate and take them down. They make thousends of dollars everyday using backbone bandwidth and provider downtime to get money out of legal companies trying to earn a living. Most do not even inform the police or take action. Those who do, make the news; Last year I believe it was when the UK credit card processor hit news sites being down because some group took them down, pay up or stay down - was the message.

                Hopefully with the efforts of cisco and other hardware companies and hosting providers one day the internet will be freed from the packetmonkeys.
                Last edited by Floris; Tue 8th Jan '08, 12:20pm.

                Comment


                • #9
                  Ah, I've been hearing much of such attacks like this. One of my friends runs a somewhat popular site. Much to his dismay, there also seems to be another person who does not like competition, and rather than upgrading in quality, chooses to level the playing field.

                  My poor friend's entire site was deleted, and in place one index.html file left in its wake, stating how he had "gotten hacked".

                  It may not be the right thing, but I laugh at people who call such things hacking.

                  Anyways, as I am currently working on a site with the same type of content, I have been looking for a host who has guarantees in protecting against such attacks.

                  Does anybody know where or how I can find if my host is good against such things?

                  Comment

                  widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                  Working...
                  X