  1. #1

    HELP NEEDED! Under huge DDoS attack (+20000 servers sending requests)

    Hi!

    Our network is facing a huge DDoS attack: over 20000 infected computers sending requests.

    Any person able to counter this attack is welcome to contact me.

    Regards,
    ~Chris

  2. #2
    Join Date
    Mar 2004
    Location
    Chicago, IL
    Posts
    390
    You need to be contacting your upstream provider(s).

  3. #3
    Join Date
    Dec 2003
    Location
    Boston, MA
    Posts
    608
    What types of routers, switches and/or machines (FreeBSD using ipf, ipfw? Linux using iptables?)

    Need more information before we can recommend anything.
    Axcelx Technologies - James
    Boston Colocation | Boston VPS
    Massachusetts Server Colocation, Dedicated Servers & VPS

  4. #4
    Join Date
    Jun 2002
    Location
    United Kingdom
    Posts
    1,238
    Also... what service are they attacking?

    http?

  5. #5
    Join Date
    Mar 2004
    Location
    Singapore
    Posts
    6,990
    I don't think he can do much except contact his upstream. Distributed DoS attacks can't be prevented using iptables, routers or anything except asking the upstream to block the IPs doing that.

  6. #6
    Join Date
    May 2003
    Location
    Virginia
    Posts
    298
    Originally posted by boonchuan
    I don't think he can do much except contact his upstream. Distributed DoS attacks can't be prevented using iptables, routers or anything except asking the upstream to block the IPs doing that.

    DDoS may not be preventable by the recipient's upstream, but they may be able to mitigate the attack depending on the traffic and their knowledge. CAR filters are fairly effective against TCP traffic.

  7. #7
    Greetings Chris:

    1. If the x number of machines are all going after one port or a specific range of ports (common when dealing with infected machines doing the attacking compared to bots or people), then block the port(s) involved in your firewall.

    2. As suggested, do contact your upstream provider(s).

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile
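
The check in point 1 of the post above, as an added example that is not part of the original thread: it reads flow records and reports any protocol/port that most sources converge on, which is the case where a port block applies. The `src proto dst_port` record format, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed sample: one 'src_ip proto dst_port' record per observed flow."""
    lines = []
    for i in range(1, 201):                 # 200 sources, two flows each, to tcp/80
        lines += [f"198.51.100.{i} tcp 80"] * 2
    for i in range(1, 6):                   # light unrelated traffic
        lines += [f"192.0.2.{i} tcp 25", f"192.0.2.{i} udp 53"]
    return lines

def summarize(lines):
    """Count flows and distinct sources per (proto, port); skip malformed lines."""
    hits, sources, all_sources = defaultdict(int), defaultdict(set), set()
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        src, proto, port = parts[0], parts[1].lower(), int(parts[2])
        hits[(proto, port)] += 1
        sources[(proto, port)].add(src)
        all_sources.add(src)
    return hits, sources, all_sources

def concentrated_targets(lines, min_source_share=0.8, min_sources=50):
    """Return [(proto, port, distinct_sources, flows)] for ports that at least
    min_source_share of all observed sources are hitting. An empty result means
    the traffic is spread out and a single port block will not cover it."""
    hits, sources, all_sources = summarize(lines)
    found = []
    for (proto, port), srcs in sources.items():
        share = len(srcs) / len(all_sources)
        if len(srcs) >= min_sources and share >= min_source_share:
            found.append((proto, port, len(srcs), hits[(proto, port)]))
    return sorted(found, key=lambda r: -r[2])

if __name__ == "__main__":
    for proto, port, nsrc, nflows in concentrated_targets(build_sample()):
        print(f"{proto}/{port}: {nsrc} distinct sources, {nflows} flows")
```

If the flagged port is the one your service runs on, blocking it locally also blocks legitimate users, which is where the upstream filtering in point 2 comes in.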

  8. #8
    Join Date
    May 2001
    Location
    Dayton, Ohio
    Posts
    4,977
    Originally posted by boonchuan
    I don't think he can do much except contact his upstream. Distributed DoS attacks can't be prevented using iptables, routers or anything except asking the upstream to block the IPs doing that.

    But they can be mitigated just fine if your provider has the right equipment.

    We were under an attack just like this and with RackSpace's Preventier service the attack seemed to just go away...

    Other than deploying expensive DDoS mitigating solutions, there isn't much else anyone can do when facing a huge zombie attack.

  9. #9
    1) UPSTREAM PROVIDER (I pay you, what can you do other than unplug my machine?)

    With that kind of attack, if it is domain based, I would simply point them to 127.0.0.1 and check my DNS to see who is querying my name servers.

    If it is IP/port based, have your provider block this traffic at the edge devices (router/firewall).
    Datums Internet Solutions, LLC
    Systems Engineering & Managed Hosting Services
    Complex Hosting Consultants

  10. #10
    Any update on this attack?

  11. #11
    Guys, I am sorry to say it, but I am also facing a DoS attack, and I have not been able to do anything till now. The attack is on an IP and port range. Any suggestions that could help us both?

    Thanks.

  12. #12
    Change your default server IPs and see if they lay off? Install a new firewall to prevent some damage.

  13. #13
    Join Date
    Aug 2003
    Posts
    459
    When will people learn to give the right people the right authority?

    I've been stealing DDoS botnets from kids and destroying them for quite a while, and as far as I've witnessed, the newer versions are almost impossible to divert. They can now spoof MAC addresses, not to mention IPs.

    Welcome to the danger zone. If it's attacking any ports below 2000, your providers should rate limit the whole port range, regardless of the protocol. Unless it's a solid UDP attack.

    If it's IRC related, please PM me.

  14. #14
    Join Date
    Apr 2004
    Posts
    191
    Went through a DDoS last night against my domain, but being in the position I am, I was punished and my host took my site offline as a whole.

  15. #15
    Join Date
    Aug 2003
    Posts
    459
    Don't providers usually rate limit their routers in any case? Software-end firewalls aren't supposed to do it.

  16. #16
    I believe a hardware firewall is the only way to limit the effects of DDoS. Upstream can do a filter for you, but it can't stop the attack if the zombies keep increasing.
