Thread: DDOS ?
-
05-20-2011, 12:22 PM #1WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
DDOS ?
Guys, I may sound stupid but I wonder about this graph.
If I understand correctly, the blue line shows "outgoing bandwidth".
Question is:
Is my server getting attacked, or is my server attacking someone else due to some trojan?
http://silentsoldiers.net/forum/images/ddos.bmp
Thanks
-
05-20-2011, 12:39 PM #2Web Hosting Evangelist
- Join Date
- Jun 2009
- Location
- California
- Posts
- 509
Looks like your server is attacking someone else.
-
05-20-2011, 12:40 PM #3Junior Guru Wannabe
- Join Date
- Apr 2011
- Posts
- 74
It's yours sending "things" out...check it further and act faster ( this or next time )
-
05-20-2011, 12:42 PM #4WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
-
05-20-2011, 12:45 PM #5WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
-
05-20-2011, 12:52 PM #6Junior Guru Wannabe
- Join Date
- Apr 2011
- Posts
- 74
Take backups of what you need and then fully collaborate with your provider to resolve this and even better investigate further. Do it fast because these things could cost you money!
-
05-20-2011, 01:07 PM #7WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
I want to ask if anyone can give me an idea of what I can do to find the solution.
As you know, every datacenter doesn't care about customers' issues.
For example, last night I requested information and they told me that I am getting hit with DDoS; they did not provide IPs or any help whatsoever.
Maybe someone knows some software that can trace or monitor activities?
Due to W2K8 having nothing to do such a thing.
Thanks.
-
05-20-2011, 01:54 PM #8WHT Addict
- Join Date
- Aug 2010
- Location
- Berkshire, UK.
- Posts
- 161
That is a very bold statement that I would totally disagree with.
First questions I would raise would be:
Are you the only user with access to remote desktop?
You said the server has game servers on, Do you run any sort of Game Control Panel?
What kind of games are you hosting?
Do you have a firewall installed?
-
05-20-2011, 03:08 PM #9WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
-
05-20-2011, 04:04 PM #10WHT Addict
- Join Date
- Aug 2010
- Location
- Berkshire, UK.
- Posts
- 161
Ok great,
Does your firewall provide any sort of information in regards to incoming/outgoing connections? If it does, it should be able to provide information and possibly current network usage of each outgoing connection. It may also show or tell you what program is utilising that connection.
Do you run any 3rd party modifications for the CS servers? Any perl scripts or such like?
Regards
-
05-20-2011, 09:24 PM #11WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
Sick of low-end losers who have no life.
I am waiting on the data center to move my iDRAC port to another switch.
Because all my NICs on the R610 are connected to the same renter switch right now.
Due to heavy DDoS my connection to the RDP times out.
Have to wait for a response.
Also wonder if any 3rd party software for Win OS can detect DDoS and notify me when this is happening, or at least give logs of which IPs were trying to DDoS me.
-
05-20-2011, 09:33 PM #12Newbie
- Join Date
- May 2011
- Posts
- 5
-
05-20-2011, 09:34 PM #13Aspiring Evangelist
- Join Date
- Aug 2009
- Location
- United Kingdom
- Posts
- 388
I'm quite sure that if you were to tell the DC that you were DDoSing someone, they would be cared!
Going by those graphs, you are NOT getting DDoS'd, you are however sending a DDoS out. Either that or you are having a heck of a traffic spike!!
Try connecting to remote desktop and opening up resource monitor. Under networking, expand it and click on the Out B/s or Send B/s (can't remember). It'll tell you what process is sending out the most traffic.
Last edited by Tom,; 05-20-2011 at 09:38 PM. Reason: forgot to add the bottom solution bit!
-
05-20-2011, 10:26 PM #14Web Hosting Guru
- Join Date
- Jun 2007
- Posts
- 264
Is the graph actually reporting backwards? I've seen it several times before, consult your provider to confirm. In regards to sending a DDOS, it would be a DOS if it was
-
05-20-2011, 11:37 PM #15Disabled
- Join Date
- Sep 2010
- Posts
- 627
It could be the graph from the switch - outbound from the switch (to the server) = incoming DoS.
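
Added example (not part of any post in this thread): one way to settle the direction question raised above, and to get the per-IP log the original poster asked for, by totalling UDP bytes per direction from a Windows Firewall log. The pfirewall.log field layout, the server address `192.0.2.10` and every sample line are assumptions constructed for illustration.

```python
from collections import Counter

SERVER_IP = "192.0.2.10"  # assumed server address (documentation range)

# Constructed sample in the pfirewall.log layout; not data from the thread.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-05-20 23:10:01 DROP UDP 203.0.113.7 192.0.2.10 4444 27015 1400 - - - - - - - RECEIVE
2011-05-20 23:10:01 DROP UDP 203.0.113.7 192.0.2.10 4445 27015 1400 - - - - - - - RECEIVE
2011-05-20 23:10:01 DROP UDP 198.51.100.23 192.0.2.10 53211 27015 1200 - - - - - - - RECEIVE
2011-05-20 23:10:02 ALLOW UDP 198.51.100.50 192.0.2.10 27005 27015 80 - - - - - - - RECEIVE
2011-05-20 23:10:02 ALLOW UDP 192.0.2.10 198.51.100.50 27015 27005 90 - - - - - - - SEND
2011-05-20 23:10:03 ALLOW TCP 203.0.113.99 192.0.2.10 50122 3389 60 S 1234567 0 8192 - - - RECEIVE
2011-05-20 23:10:03 DROP UDP 203.0.113.7
"""

def parse(log_text):
    """Yield one dict per complete record, keyed by the #Fields header."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif fields and line and not line.startswith("#"):
            parts = line.split()
            if len(parts) >= len(fields):  # skip truncated lines
                yield dict(zip(fields, parts))

def summarize_udp(log_text, server_ip, top=3):
    """Total UDP bytes per direction and rank remote senders by bytes."""
    inbound = outbound = 0
    senders = Counter()
    for rec in parse(log_text):
        if rec["protocol"] != "UDP" or not rec["size"].isdigit():
            continue
        size = int(rec["size"])
        if rec["dst-ip"] == server_ip:
            inbound += size
            senders[rec["src-ip"]] += size
        elif rec["src-ip"] == server_ip:
            outbound += size
    return {
        "inbound_bytes": inbound,
        "outbound_bytes": outbound,
        "direction": "inbound" if inbound > outbound else "outbound",
        "top_senders": senders.most_common(top),
    }

if __name__ == "__main__":
    print(summarize_udp(SAMPLE_LOG, SERVER_IP))
```

Source addresses in a UDP flood can be spoofed, so the ranking is a guide to what to filter upstream rather than attribution.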
-
05-21-2011, 02:00 AM #16WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
OK, just found out what is going on.
1) This is not coming from my server.
2) This is a true DDoS (more like a UDP flood from China and Russia)
Today was the most beautiful attack: 100Mbps for 12 hours nonstop.
As I quoted before, the data center won't help.
Tech support is offering a solution that will cost me $15.000 per month and that's a bunch of crap.
I do not need a 1Gbps pipeline and Cisco equipment because someone has no life.
Thanks
-
05-22-2011, 12:02 AM #17WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
I just made a video so you guys can see UDP flood.
Wonder if anyone knows a solution for this.
http://www.screencast.com/t/Lw6Y7vxI0
Thx
-
05-22-2011, 07:13 AM #18WHT Addict
- Join Date
- May 2008
- Posts
- 117
You have 3 options:
1. Close down your server.
2. Stay up and suffer under skiddies DDoS attack.
3. Buy 1Gbps pipe and hope they won't waste all your bandwidth.
Third option would be best.
Just a question are you hosting with Colostore?
-
05-22-2011, 10:32 AM #19Web Hosting Master
- Join Date
- Jan 2008
- Location
- Europe
- Posts
- 779
4th option - Move to a ddos protected host or proxy behind a ddos protection provider
-
05-22-2011, 12:13 PM #20CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
It would be much cheaper and faster to actually host with the DDoS protected provider vs. using a proxy.
-
05-22-2011, 12:17 PM #21WHT Addict
- Join Date
- May 2008
- Posts
- 117
Proxying game servers is not a good thing to do.
DDoS protected dedicated will probably be more than +15$/month, but who knows.
-
05-22-2011, 02:39 PM #22WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
-
05-22-2011, 02:49 PM #23WHT Addict
- Join Date
- Sep 2008
- Posts
- 104
Also best solution is to send a 1u server to datacenter and use that server as firewall with custom script.
-
05-22-2011, 02:58 PM #24Web Hosting Master
- Join Date
- Oct 2002
- Location
- Vancouver, B.C.
- Posts
- 2,699
Do you have any legitimate UDP traffic? If not, a simple ACL at your provider's edge, or instated by their transits on their behalf, would be an effective way of dealing with attacks that can be easily identified. So long as you're not being attacked on the same port and protocol as your legitimate services, this would be your best bet as it doesn't require any specialized DDoS mitigation hardware.
If your provider is unable or unwilling to implement such measures, you may want to consider switching to a provider that is.
-
05-22-2011, 03:45 PM #25CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
UDP floods are by far the easiest to mitigate. The real problematic attacks are TCP, especially HTTP GET.