Thread: DDOS Prevention
-
06-06-2005, 03:31 AM #1 virtualizing the world
- Join Date
- Mar 2004
- Location
- Seattle, WA
- Posts
- 2,580
DDOS Prevention
Hello,
What is some effective software to prevent DDOS attacks? We already have in place APF and BFD, however our Apache server continues to get flooded with unknown requests, higher than normal. It was suggested that we buy a physical firewall as well. What are some decent firewalls out there?
Please reply to both questions.
Thanks
ColoInSeattle - From 1U to cage space colocation in Seattle
ServerStadium - Affordable Dedicated Servers
Come visit our 18k sq ft. facility in Seattle!
Managed Private Cloud | Colocation | Disaster Recovery | Dedicated Servers
-
06-06-2005, 04:08 AM #2 Web Hosting Master
- Join Date
- Aug 2004
- Location
- Karachi, Pakistan
- Posts
- 748
Firewalls essentially were made to do port blocking - though features may have been added, they are nonetheless monolithic proxies essentially. They *DO* mitigate DDoS attacks quite a bit but should not entirely be relied upon for DDoSing alone.
If you keep getting DDoS hits on say Port 80, you may want to look at devices that do TRL (Transaction Rate Limiting) for a specific service. Other mitigation devices particularly for DDoS at OEMs like Top Layer, Mazu Networks, Arbor Networks (perhaps the best player out there), Captus, Riverhead (Now part of Cisco), Juniper/Netscreen (their firewalls greatly reduce DDoSing), Foundry Networks to name a few. I am sure there are more out there.
Now to answer your question - Yes. A decent firewall, like say, Juniper Netscreen NS-50 should be able to handle up to 100Mbps traffic very nicely and should be able to handle small to mid-size DDoS attacks.
The basic thing about DDoS is...
a. The type of attack?
b. Attack bandwidth
c. Setup Rate (measured in seconds).
Here is a good resource to read-up more on DDoS:
http://staff.washington.edu/dittrich/misc/ddos/
Hope the above helps.
Faisal
"I drink too much. The last time I gave a urine sample it had an olive in it."
Rodney Dangerfield (from "I Get No Respect!").
-
06-06-2005, 04:13 AM #3 virtualizing the world
- Join Date
- Mar 2004
- Location
- Seattle, WA
- Posts
- 2,580
Thank you Faisal for your input.
-
06-06-2005, 04:17 AM #4 Web Hosting Master
- Join Date
- Feb 2004
- Posts
- 772
Hi netway,
Please check out these links, they'll be useful for you
http://support.zeus.com/doc/zws/v4/m..._config.3.html
http://www.iss.net/news/denialfaq.php
http://www.securitydocs.com/library/2616
http://www.linuxsecurity.com/resourc...hitepaper.html
Thanks
Bright Info Solutions
-
06-06-2005, 04:49 PM #5 virtualizing the world
- Join Date
- Mar 2004
- Location
- Seattle, WA
- Posts
- 2,580
Also, just to get more detailed as to what type of DDOS attack this is, it is a SYN flood attack.
-
06-06-2005, 11:12 PM #6 Web Hosting Master
- Join Date
- Mar 2001
- Location
- Houston, TX
- Posts
- 973
Who's your datacenter? Usually, your datacenter will be able to help you by putting up some kind of flood protection (temporarily) until the attack subsides.
Roj
Web Hosting? Been there. Done that.
I am niyogi.
-
06-07-2005, 03:41 AM #7 Junior Guru Wannabe
- Join Date
- May 2004
- Posts
- 57
Is there any way by which I can find on what port DoS attacks are being done?
I am not able to figure out who and who my server is attacked by DoS.. my host company (hostcentric) are not willing to help me.. what do I do?
-
06-07-2005, 04:17 AM #8 Web Hosting Master
- Join Date
- Aug 2004
- Location
- Karachi, Pakistan
- Posts
- 748
You need to capture some traffic in order to determine that. Are you on a dedicated server or shared? If on a dedicated server, install any packet capturing software, like Ethereal, etc. and you will be able to determine what sort of traffic was/is coming in.
If you are unable to access your server (assuming you are on a dedicated server), then your only hope is to have your hosting provider assist you in the packet capturing.
Faisal
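An added example, not part of any poster's reply: one way to answer the "which port" question from posts #7 and #8 once traffic has been captured. It assumes the capture was exported as `tcpdump -nn` text lines (the thread names Ethereal; tcpdump text is swapped in here), and the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# tcpdump -nn IPv4 TCP line: "<ts> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def summarize(lines, server_ip):
    """Count inbound bare SYNs and inbound ACK-bearing packets per server port."""
    syns, acks, sources = Counter(), Counter(), {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["dst"] != server_ip:
            continue  # unparsable line, or traffic leaving the server
        port, flags = int(m["dport"]), m["flags"]
        if flags == "S":        # SYN without ACK: a new connection attempt
            syns[port] += 1
            sources.setdefault(port, Counter())[m["src"]] += 1
        elif "." in flags:      # ACK set: the client followed up on its SYN
            acks[port] += 1
    return syns, acks, sources

def suspect_ports(lines, server_ip, min_syns=5, max_ack_ratio=0.2):
    """Ports with many SYNs but almost no follow-up ACKs (SYN flood pattern).

    Returns (port, syn_count, distinct_sources) tuples, busiest port first.
    The thresholds are illustrative and need tuning to the capture window.
    """
    syns, acks, sources = summarize(lines, server_ip)
    return [
        (port, n, len(sources[port]))
        for port, n in syns.most_common()
        if n >= min_syns and acks[port] / n <= max_ack_ratio
    ]

# Constructed sample: 8 unanswered SYNs to port 80, one normal handshake on port 22.
SAMPLE = [
    f"03:41:0{i}.000000 IP 198.51.100.{i + 1}.{40000 + i} > 203.0.113.10.80: "
    "Flags [S], seq 1000, win 5840, length 0"
    for i in range(8)
] + [
    "03:41:09.000000 IP 192.0.2.7.51000 > 203.0.113.10.22: Flags [S], seq 1, win 5840, length 0",
    "03:41:09.010000 IP 203.0.113.10.22 > 192.0.2.7.51000: Flags [S.], seq 9, ack 2, win 5792, length 0",
    "03:41:09.020000 IP 192.0.2.7.51000 > 203.0.113.10.22: Flags [.], ack 10, win 5840, length 0",
]

if __name__ == "__main__":
    for port, n, srcs in suspect_ports(SAMPLE, "203.0.113.10"):
        print(f"port {port}: {n} unanswered SYNs from {srcs} sources")
```

A high distinct-source count on the flagged port usually means spoofed or distributed origins, so per-IP blocking will help little and the upstream provider needs to be involved.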