-
05-09-2004, 10:42 AM #1 New Member
HELP NEEDED! Under huge DDoS attack (+20000 servers sending requests)
Hi!
Our network is facing a huge DDoS attack: over 20000 infected computers sending requests.
Any person able to counter this attack is welcome to contact me.
Regards,
~Chris
-
05-09-2004, 11:09 AM #2 Aspiring Evangelist
You need to be contacting your upstream provider(s).
-
05-09-2004, 12:00 PM #3 Hosting Specialist
What types of routers, switches and/or machines (FreeBSD using ipf, ipfw? Linux using iptables?)
Need more information before we can recommend anything.
Axcelx Technologies - James
-
05-09-2004, 02:54 PM #4 Web Hosting Master
Also... what service are they attacking?
http?
-
05-09-2004, 09:03 PM #5 Retired Moderator
I don't think he can do much except contact his upstream. Distributed DoS attacks can't be prevented using iptables, routers or anything, except asking the upstream to block the IPs doing that.
-
05-10-2004, 08:13 AM #6 Web Hosting Guru
Originally posted by boonchuan
I don't think he can do much except contact his upstream. Distributed DoS attacks can't be prevented using iptables, routers or anything, except asking the upstream to block the IPs doing that.
DDoS may not be preventable by the recipient's upstream, but they may be able to mitigate the attack depending on the traffic and their knowledge. CAR filters are fairly effective against TCP traffic.
-
05-10-2004, 09:13 AM #7 Web Hosting Master
Greetings Chris:
1. If the x number of machines are all going after one port or a specific range of ports (common when dealing with infected machines doing the attacking compared to bots or people), then block the port(s) involved in your firewall.
2. As suggested, do contact your upstream provider(s).
Thank you.
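Added example, not part of the original thread: one way to check from firewall logs whether the flood is concentrated on one port or a small port range, which is the condition under which the port block suggested above is practical. The netfilter-style log format, the function names and the thresholds are assumptions, and the sample lines are constructed with documentation addresses.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the style of Linux netfilter LOG lines.
SAMPLE_LOG = """\
IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=8080
IN=eth0 SRC=198.51.100.8 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=8080
IN=eth0 SRC=203.0.113.21 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=8080
IN=eth0 SRC=203.0.113.22 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=8080
IN=eth0 SRC=203.0.113.40 DST=192.0.2.10 PROTO=TCP SPT=33211 DPT=80
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def port_profile(log_text):
    """Return {(proto, dport): (packets, distinct_sources)} for logged packets."""
    packets = Counter()
    sources = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        # Skip lines without a destination port (e.g. ICMP) or malformed lines.
        if not f.keys() >= {"SRC", "PROTO", "DPT"} or not f["DPT"].isdigit():
            continue
        key = (f["PROTO"], int(f["DPT"]))
        packets[key] += 1
        sources[key].add(f["SRC"])
    return {k: (packets[k], len(sources[k])) for k in packets}

def concentrated_ports(log_text, share=0.75, max_ports=3):
    """Busiest ports that together carry >= share of packets, or [] if spread out.

    A non-empty result means a port block covers most of the flood. If a listed
    port is one you serve to customers, blocking it also blocks them.
    """
    profile = port_profile(log_text)
    total = sum(pkts for pkts, _ in profile.values())
    picked, covered = [], 0
    for key, (pkts, _) in sorted(profile.items(), key=lambda kv: -kv[1][0]):
        if total == 0 or covered / total >= share or len(picked) == max_ports:
            break
        picked.append(key)
        covered += pkts
    return picked if total and covered / total >= share else []
```
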
-
05-10-2004, 09:41 AM #8 Web Hosting Master
Originally posted by boonchuan
I don't think he can do much except contact his upstream. Distributed DoS attacks can't be prevented using iptables, routers or anything, except asking the upstream to block the IPs doing that.
But they can be mitigated just fine if your provider has the right equipment..
We were under an attack just like this and with RackSpace's Preventier service the attack seemed to just go away...
Other than deploying expensive DDoS mitigating solutions there isn't much else anyone can do when facing a huge zombie attack..
-
05-10-2004, 10:17 AM #9 Web Hosting Master
1) UPSTREAM PROVIDER (I pay you, what can you do other than unplug my machine?)
With that kind of attack, if it is domain based, I would simply point them to 127.0.0.1 and check my DNS to see who is querying my name servers.
If it is IP/port based, have your provider block this traffic at the edge devices (router/firewall).
Datums Internet Solutions, LLC
-
05-10-2004, 10:37 AM #10 Disabled
Any update on this attack?
-
05-10-2004, 07:42 PM #11 Junior Guru
Guys, I am sorry to say it, but I am also facing a DoS attack, and I have not been able to do anything so far. The attack is on an IP and port range. Any suggestions that could help us both?
Thanks.
-
05-10-2004, 09:25 PM #12 Junior Guru Wannabe
Change your default server IPs and see if they lay off? Install a new firewall to prevent some damage.
-
05-10-2004, 11:13 PM #13 Web Hosting Evangelist
When will people learn to give the right people the right authority?
I've been stealing DDoS botnets from kids and destroying them for quite a while. So far, from what I've witnessed, the newer versions are almost impossible to divert. They can now spoof MAC addresses, not to mention IPs.
Welcome to the danger zone. If it's attacking any ports below 2000, your providers should rate limit the whole port range, regardless of the protocol. Unless it's a solid UDP attack.
If it's IRC related, please PM me.
-
05-10-2004, 11:20 PM #14 Junior Guru
Went through a DDoS last night against my domain, but being in the position I am, I was punished and my host took my site offline as a whole.
-
05-10-2004, 11:25 PM #15 Web Hosting Evangelist
Don't providers usually rate limit their routers in any case? Software-end firewalls aren't supposed to do it.
-
05-11-2004, 12:47 AM #16 WHT Addict
I believe a hardware firewall is the only way to limit the effects of DDoS; upstream can do a filter for you, but it can't stop the attack if the zombies keep increasing.