Results 1 to 7 of 7
  1. #1
    Join Date
    Jun 2013
    Posts
    111

    * New type of DDos

    hello All

    i am getting ddos from past few weeks. My protected Vps port get blocked.

    i had installed tcpdump to gather packets during flood.

    please check these snapshots of tcpdumps. can not post those dumps because of big size.

    thanks

    http://prntscr.com/2mox98
    http://prntscr.com/2moxf5
    http://prntscr.com/2moxk7
    http://prntscr.com/2moxo0
    http://prntscr.com/2moxs8
    http://prntscr.com/2moxyw
    http://prntscr.com/2moy1v
    http://prntscr.com/2moy9i

  2. #2
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    You or your ISP could block traffic with source port TCP/4307 assuming that this is not a legitimate service that you operate (Visicron Videoconference?)

  3. #3
    Join Date
    Jun 2013
    Posts
    111
    Quote Originally Posted by IRCCo Jeff View Post
    You or your ISP could block traffic with source port TCP/4307 assuming that this is not a legitimate service that you operate (Visicron Videoconference?)
    i am using camfrog video chat server, its legit program of camshare.

    blocking traffic on port TCp/4307 will work ?

    Sorry to say , i don't think it will work because port is not open.

  4. #4
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    It does not matter (much) if the port is open. It is still malicious traffic hitting your server. If your host has filtering capabilities they can write an ACL/policy to block that traffic.

    Since you're running Camfrog, the bigger concern is actually the attacks which specifically target the Camfrog ports. These are nearly impossible to filter without impacting the video or sound quality.

  5. #5
    Join Date
    Jun 2013
    Posts
    111
    jeff i am not sure. Voxailty server is ddos protected. 2 Mb/s flood with 50000+ packets block the port. Server is not down but the port get blocked.

    i have to check in contrl panel is i am allowed to add acl rules or had to ask support.

    Thanks jeff

  6. #6
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    As I mentioned, it is extremely difficult to mitigate attacks against Camfrog without impacting the sound/video quality. You'll need to take this up with Voxility for any potential resolution.

  7. #7
    Join Date
    Jul 2013
    Posts
    296
    Voxility have same issue with some other type of attack like TCP SYN, the server is up but port blocked. The best way is filtering on Camfrog port but as Jeff reply, it may have some affect in your service.

Similar Threads

  1. Weird type of DDoS
    By MMrs in forum Hosting Security and Technology
    Replies: 2
    Last Post: 07-27-2012, 03:58 PM
  2. New type of DDoS attack?
    By Billie in forum Hosting Security and Technology
    Replies: 7
    Last Post: 04-18-2011, 02:22 AM
  3. Replies: 0
    Last Post: 01-21-2009, 10:21 PM
  4. Replies: 0
    Last Post: 01-14-2009, 07:17 PM
  5. Replies: 8
    Last Post: 06-23-2008, 11:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •