Results 1 to 13 of 13
-
03-01-2012, 10:43 AM #1Junior Guru Wannabe
- Join Date
- May 2007
- Posts
- 83
Server under SYN-flood DDoS, please help
Hi friends,
Our dedicated hosting server under SYN-flood DDoS now and we are looking for any solution of this problem, can anybody help with this?
SYN-flood power is 60-80 Mb/s, we have configured CSF for protection and block some countries where attack from but this do not helped, connection to server is timed-out after IP connected to server by datacenter staff.
We are working for several years and can mitigate powerful HTTP flood attaks but we can't mitigate this SYN flood attack..
Please give us some suggestions how to mitigate this attack?
-
03-01-2012, 10:50 AM #2Temporarily Suspended
- Join Date
- Feb 2004
- Location
- UK
- Posts
- 1,431
Hi
If its directed at one site, you could use a proxy service to filter it out.
Have you looked at cloudfront (i think thats what its called)
Thanks
-
03-01-2012, 10:51 AM #3Junior Guru Wannabe
- Join Date
- Feb 2012
- Location
- USA
- Posts
- 32
Please research this thread: http://www.webhostingtalk.com/showthread.php?t=860864 - http://www.webhostingtalk.com/showthread.php?t=1074691 and this one: http://www.webhostingtalk.com/showthread.php?t=859081
I would highly recommend Cloudflare as we use this for our services and always under heavy protection. I hope this gets resolved.
-
03-01-2012, 11:19 AM #4Junior Guru Wannabe
- Join Date
- May 2007
- Posts
- 83
Please research this thread: http://www.webhostingtalk.com/showthread.php?t=860864 - http://www.webhostingtalk.com/showthread.php?t=1074691 and this one: http://www.webhostingtalk.com/showthread.php?t=859081
How Cloudflare can protect our server, can you please explain in details?
-
03-01-2012, 11:23 AM #5Junior Guru Wannabe
- Join Date
- Mar 2008
- Posts
- 81
Cloudflare wont protect you. if the attack is big enough they will just send the traffic straight to your server.
I recommend installing Nginx and rate limiting connections to it, as well as fire-walling the ip addresses. 80Mb/s is well under a gigabit port's full speed so if you have 100mbit you might want to upgrade.
-
03-01-2012, 11:24 AM #6Web Hosting Master
- Join Date
- Nov 2009
- Location
- Colombia
- Posts
- 2,150
Drop all SYN packets and ask your provider help.
█ Diego Rodríguez B. - https://diegorbaquero.com
█ Software Engineer @ Protocol Labs | Filecoin Saturn
-
03-01-2012, 11:33 AM #7WHT Addict
- Join Date
- Feb 2012
- Location
- WHT
- Posts
- 124
cfs is good tools to fix this
its better to limmite connection to 50 for each ip and enable permanent band█ Online WebHosting And Linux Server Support
█ DirectAdmin & Cpanel/Whm & CWP & Zpanel & Kloxo & etc ...
█ Installing and configuration WebServer | Nginx & Apache & LiteSpeed
█ Linux System Admin & Troubleshooting | Mysql & Webserver LoadBalancing
-
03-01-2012, 11:34 AM #8Web Hosting Master
- Join Date
- Sep 2011
- Posts
- 987
That is NOT a small amount for a SYN DDoS. sign up for a serious DDoS mitigation service.
-
03-01-2012, 11:49 AM #9Junior Guru Wannabe
- Join Date
- Feb 2012
- Location
- USA
- Posts
- 32
Would have to agree with n!ghtmare and Badmanh on this. For the DDoS protection, we have a few clients who use this service: http://www.ultradns.com/
Let us know how everything goes and we can be any further assistance for you.
-
03-01-2012, 12:05 PM #10Web Hosting Master
- Join Date
- Nov 2010
- Location
- San Francisco, CA
- Posts
- 901
Hi,
[QUOTE=Badmanh;7985935]Cloudflare wont protect you. if the attack is big enough they will just send the traffic straight to your server."
Yes, but it generally has to be a huge attack for us to force direct. We can offer some mitigation for a lot of attacks. If the party does end up using CloudFlare, then they could also set their server to only accept connections from our IPs.CloudFlare Community Evangelist
-
03-01-2012, 12:43 PM #11Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
Am no DDoS expert but this could help you: http://litespeedtech.com/sign-up-lit...y-service.html
UK Based Proactive Server Management.
Zabbix Enterprise 24/7 Monitoring.
-
03-01-2012, 12:52 PM #12CISSP-ISSMP, CISA
- Join Date
- Aug 2002
- Location
- Seattle
- Posts
- 5,525
-
03-01-2012, 12:56 PM #13Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
Similar Threads
-
Say godbye to DDOS and SYN flood attacks!
By ibelledthecat in forum Hosting Security and TechnologyReplies: 8Last Post: 05-21-2010, 01:47 PM -
SYN FLOOD
By Gigaron in forum Hosting Security and TechnologyReplies: 6Last Post: 06-12-2008, 09:25 PM -
TCP/IP Hardening ˇV Prevents DDOS and SYN-Flood attacks.
By hkivan in forum Hosting Security and TechnologyReplies: 9Last Post: 06-20-2004, 11:25 PM -
SYN flood, what else can I do?
By Bourd in forum Hosting Security and TechnologyReplies: 9Last Post: 06-05-2004, 04:27 PM -
Syn Flood???
By ClusterMania in forum Hosting Security and TechnologyReplies: 0Last Post: 01-13-2003, 08:50 AM