Results 1 to 17 of 17
  1. #1

    Best way to respond to a DDOS

    Hi everyone,

    I've got some machines hosted in a London colocation facility that were subject to a massive DDoS attack (10GBit+).

    We know who did it, we can't prove that they did and they live in the US state of Boston.
    It's likely that they paid someone to do this for them.

    What would be the best course of action in getting them apprehended?

    we as a business have suffered massive losses as a company and have been suspended by that particular datacenter indefinitely.

    The problem isn't one off, this same group of individuals won't stop until someone brings them to justice.


  2. #2
    Join Date
    Aug 2002
    Ignore them completely. If you respond to it at all you're feeding the troll and the attacks will continue.

    Also, they're not going to get apprehended. The only agencies with the resources to pursue DDoS attackers is the FBI and USSS, neither of which are generally interested in pursuing individual cases.

  3. #3
    Join Date
    Jun 2011
    Unfortunately DDoS is a real problem these days, with attacks becoming easier to perform, as well as more powerful.

    Have you considered using DDoS protection? Whilst I understand you want to "catch the crooks" so to speak, I don't think you'll get very far. It will cost an arm and a leg to even attempt any legal action.

  4. #4
    Our network is protected, somehow the attackers managed to find our true IPs.

    In the past i've dealt with ~1Gbit attacks from these people no problem but seeing 10Gbit our DC has now decided to suspend us.

    There's not a lot else I can do, if I move to a different facility the attacks will continue.

    In terms of apprehension I think it's worth a try whatever the likelihood of any gain is.

    Being a UK based company should I contact my authorities or the US?

  5. #5
    I hear cloudflare has excellent DDOS protection, you might want to look into that. Also google has started up a DDOS protection system, here's a link. ( It's invite only but from what I've heard its not hard to get accepted.

  6. #6
    Join Date
    Aug 2002
    This assumes the OP's content is:

    - News or Independent Media
    - Elections Information
    - Human Rights Information

    .. otherwise he would not be eligible.

  7. #7
    Join Date
    Feb 2002
    South California
    Any level of communication with them is pointless. It'll waste your time. We've been dealing with DDoS for 15 years. At the beginning, we used to try to communicate with our attackers. It actually makes them more interested in attacking you when they have a captive audience.

    Your DC is probably not setup to mitigate ddos attacks. The attack may have impacted their other customers, or simply cost them too much to absorb. Since you're in London, you'll want to look for a mitigation provider with a European presence.

    I recommend you be careful to ask a few key questions of any provider you're investigating for purchase.
    - Do you build your own mitigation platform?
    - Do you have a global mitigation backbone with multiple POPs?
    - Do you have at least 100 Gbps of capacity to your own mitigation centers?

    Ask for proof plenty of proof. Keep asking questions and do your homework. Good luck!
    Last edited by Mike V; 11-07-2013 at 01:57 PM.

  8. #8
    It is a Money War. Better to use the most cost-effective way to keep your business live and watch them burn their money for DDoS service.
    Sometimes even closing down a bit can burn some of their notes.
    If they are rich enough to attack you for years, you are likely to lose.
    Good luck!!!
    Alex - info[@]
    Server Hong Kong Company - The optimized choice
    No limitation at service scope but promise you always the best price for whatever service level required.

  9. #9
    Join Date
    Mar 2009
    It would be best to choose a datacenter having an extra DDOS protection. But DDOS can't be completely avoided. Unless if this is a constant attack it can be reduced to a small extend using some of the 3rd party solutions.

    Then managing your domain with an expert, who can update all the security vulnerabilities so that attackers don't find easy way to explore in.

  10. #10
    The best option for this would be to move your servers to a datacenter which has DDOS protection and give support on such issues.

  11. #11
    Join Date
    Dec 2011
    There isn't much you can do legally, as most attacks are impossible or at least really hard to trace back to the attacker, even if you know who did it, it's questionable that there's proof. As Jeff suggested, your best bet would be to ignore the attacker completely and get a decent DDoS protection to keep your services online.
    Inbound Marketing & real SEO for web hosting providers
    ✎ Get in touch with me: co<at>

  12. #12
    We often advise clients to have one cloud/datacenter for public facing and or publicly "known" services, i.e. web servers, etc... then another independent cloud/datacenter for internal resources. This diversity allows us to avoid the all your eggs in one basket situation...

  13. #13
    prolexic offer bgp fail over DDOS protection to their scrubbing datacenters.

    Uses iBGP over ipsec gre, you send netflow samples only something like 1 in every 100 packets to them and they auto route your public ip address space to their DC's then back to you via the tunnel, outbound traffic isn't effected AFAIK

    Need your own BGP routing for this and PI address space AFAIK

  14. #14
    The greatest pain you give for DDOS attacker is when he keeps on DDOSing while you are in safe network. Just find a good DDOS mitigation service and you are fine.

  15. #15
    You could contact the Cyber crime department of the FBI.

    (boston is a city on the state of Massachusetts)

  16. #16
    Join Date
    Dec 2011
    The FBI won't care much as long as there isn't actual proof who did it and a lot of financial damage.
    Inbound Marketing & real SEO for web hosting providers
    ✎ Get in touch with me: co<at>

  17. #17
    Join Date
    Jan 2011
    Softlayer simply null route ips which receives ddos attacks.So it good idea to auto null-route ips.
    Failure is success if we learn from it.

Similar Threads

  1. Replies: 0
    Last Post: 08-24-2013, 06:33 AM
  2. Maybe this will get Affordablehost to respond.
    By Kafen in forum Web Hosting
    Replies: 8
    Last Post: 06-22-2005, 08:45 AM
  3. Asking dot5Hosting to respond
    By Gil1 in forum Web Hosting
    Replies: 12
    Last Post: 12-05-2002, 09:09 PM
  4. 40% OFF Only to first 10 to respond!
    By Frankster in forum Shared Hosting Offers
    Replies: 0
    Last Post: 02-14-2002, 03:33 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts