Page 2 of 3 FirstFirst 123 LastLast
Results 26 to 50 of 61
  1. #26
    perelian,

    Please be more specific about the DNS DDoS attacks their are several types of DNS attacks. Usually DNS attacks can be crippling for your bandwidth pipe, but please give more details about your attack.

    Thanks

  2. #27
    Join Date
    May 2003
    Location
    Florida
    Posts
    902
    elix,

    Nice little script. Thanks for posting it here.

  3. #28
    Hi friends
    i have a problem with ddos

    it blocked an ip that i am trying to unblock but no luck.

    i removed the ignoreip file but still can not connect?
    any help please?
    thnak you.

  4. #29
    Join Date
    Jun 2005
    Posts
    87
    Quote Originally Posted by mycroftx
    I can put a good fw on my server tho, but it won't prevent the attack

    It has to be a good hardware firewall, a common (or good) software firewall, won't block a ddos attack.

  5. #30
    Join Date
    Apr 2006
    Posts
    33
    that looks like my perl script i posted on ev1servers forum a long long time ago, just in bash.

  6. #31

    Thumbs up Stop DDOS

    We use toplayer it prevents the bandwith from being used during a attack. Which stops the attack cold. The only thing it can not prevent is an internal attack by one of your user or sombody who hacked a users control panel.
    Squiggout: Exchange 2010, Sharepoint, Comunication Server, CRM, Server Instances, Reseller Hosting, and Shared Hosted.

    Silly name serious solutions

  7. #32
    Join Date
    Apr 2006
    Posts
    33
    there is absolutely nothing you can do if attack is strong enough to fill up your network pipe, you can't "prevent" bandwidth from being used, you use your bandwidth when you are dropping packets sent to you, the only thing you can do is filter ports so you are not sending back "port is closed" packets which will fill up your upstream bandwidth. I have been in this DDoS hell since forever :/

  8. #33

    Thumbs up Not the tech guy

    All I can tell you that it works we had the same problem and with 30,000+ plus users and 10,000+ websites it gets old fast. The last time we went off from a DDOS was the last time. We have not been off sense installation of Toplayer. It is not cheap but it works. toplayer.com

    Go read about it.
    Squiggout: Exchange 2010, Sharepoint, Comunication Server, CRM, Server Instances, Reseller Hosting, and Shared Hosted.

    Silly name serious solutions

  9. #34
    Squiggout what damir mentioned is true. It really depends on the kind of DDOS attack you are receiving are they ment to overload your bandwidth pipe? (in this case NO firewall at your end can help you).

    Some other like HTTP attacks target your services in the intention of a system overflow giving the server more than it can handle basiclly (this usually doesn't require lots of bandwidth can be done with no more than 512Kbps). Usually this will cause your server to go unresponsive may cause it to crash and a huge spike of OUTGOING traffic from this server attempting to respond to the flood of requests.

    I guess by implementing this Toplayer equipment you mentioned above managed to detect the Service-based dDoS attack and filtered them before reaching your server.

    If you end up receiving a BANDWIDTH attack that can reach above your pipe size you will go down, and IF you receive an attack with a high enough PacketPer Sec. that your TopLayer firewall can't handle it will also bring you down.

    In DDOS Mitigation you have to understand their are MANY ways to be attacked and each one of them almost a complete different ball game.

    Thanks

  10. #35
    Join Date
    Feb 2004
    Location
    here and there
    Posts
    767
    Quote Originally Posted by Jigy
    Squiggout what damir mentioned is true. It really depends on the kind of DDOS attack you are receiving are they ment to overload your bandwidth pipe? (in this case NO firewall at your end can help you).

    There are very easy ways to deal with this (for the provider, not for the end customer) - it's just a case of finding a host with enough clue to implement it.
    Dedicated Servers, Virtual Machines, Colocation, BGP & IPs
    objx.net - AS33333 - Salt Lake, Utah
    awknet.com - AS17048 - Los Angeles, California

  11. #36
    Join Date
    Apr 2006
    Posts
    33
    jwr, not really. Most of providers are not writing custom software for this, the only one i have seen do that is ev1servers so far with its fireslayer (which is only partially written by ev1servers), to buy some kind of software/hardware that will deal with such big attacks you need really really deep pockets...most of providers can't even afford it.

  12. #37
    You cant be further from the truth jwr. DDOS Prevention is a VERY hard business. It's not as easy as slapping on a firewall and THERE YOU ARE GOOD TO GO!
    DDOS Protection requires lots of time spent, and money. Almost all providers that do DDOS firewalling have invested in their own mechanism of DDOS protection and that is alot of work.

  13. #38

    Ddos

    Thank you for the comments and agree with them. We have successfully stopped the attacks to my network and I have not been off sense installation because of DDOS. Maybe Squiggout has been lucky and will bring your comments to our operations review to make sure we are 100% protected.
    Squiggout: Exchange 2010, Sharepoint, Comunication Server, CRM, Server Instances, Reseller Hosting, and Shared Hosted.

    Silly name serious solutions

  14. #39
    Join Date
    Apr 2006
    Posts
    33
    what? ........

  15. #40

    Wink

    What exactly? I took the comments from everybody and gave them to my CIO because the comments to me seemed important.

    All I know is that toplayer works in conjunction with our firewall and software. I know that we have not gone off because of DDOS sense it was installed. That is real world data.

    DDOS protection starts right at the edge of your network before your firewall. There is no simple answer and there is no simple fix. The right fix to to catch the people doing it.
    Squiggout: Exchange 2010, Sharepoint, Comunication Server, CRM, Server Instances, Reseller Hosting, and Shared Hosted.

    Silly name serious solutions

  16. #41
    Join Date
    Apr 2006
    Posts
    33
    You have the chance to filter DDOS attack if you have enough bandwidth to "drop" attack. if(your-bandwidth > ddos-bandwidth){you have the chance on your own} else {find provider that will do it for you} ....The End!

  17. #42
    I was kinda hesitant giving a response to that damir. Well said!

    There are NO SILVER BULLETS for DDoS attacks. In fact, no one can claim that they have it. It's IMPOSSIBLE to do so.

  18. #43
    Join Date
    Sep 2002
    Location
    Canada
    Posts
    456
    You may want to check http://www.ddosprotection.com/index.htm , I've never tried them, but I know they saved the milliondollarhomepage gig few months back. Not sure how their pricing works though!

    From experience, if this is shared hosting server, first find out who they are targetting. start splitting your shared accounts to different IP zones, and go through the elimination process. (don't forget to change DNS Timing to 900) it will take you a day to get it sorted out that way.
    Reliability • Performance • Integrity

  19. #44
    Join Date
    Feb 2004
    Location
    here and there
    Posts
    767
    haha. I'll say it again. Bandwidth saturation attacks are very easy to mitigate. Think outside the box.


    [edit] -> from a provider standpoint, not an end customer - you have to rely on a provider that doesn't suck balls - host your DDoS prone box with someone who specifically deals with DDoS attacks
    Last edited by jwr; 05-03-2006 at 01:36 PM.
    Dedicated Servers, Virtual Machines, Colocation, BGP & IPs
    objx.net - AS33333 - Salt Lake, Utah
    awknet.com - AS17048 - Los Angeles, California

  20. #45
    There are only two companies specialized in DDOS, gigerservers.net and staminus.net. I use them both and both companies have a great system in place to mitigate DDOS attacks.

    Personally I would recommend gigeservers.net, but I have to say that lately I have been impressed by staminus also.

    Don't waste time and money looking at other providers, even the big players like theplanet or ev1servers cannot mitigate the kind of attacks these smaller companies face everyday.

    Albo

  21. #46
    Join Date
    Aug 2004
    Location
    Karachi, Pakistan
    Posts
    748
    Please lets not generalize here - there are quite a few companies out there that can provide DoS/DDoS protection - except it costs. Even GigE and Staminus have separate costing for mitigating hardcore DDoS attacks.

    DDoS/DoS attacks essentially can be categorized into there types:

    1. Bandwidth - where they choke the end-pipe
    2. PPS - where they choke the routing
    3. Setup Rates where they choke either the network or server gear with the number of setups per second.

    or a combination of the above. Big players can fend off DoS/DDoS attacks - even "very" large ones. Prolexic recently fended of a 10Gbps (yes 10,000Mbps) attack on their network! How many providers can claim to do that. Very few.

    If you have seriously been hit with a DoS/DDoS attack you need to determine what you are willing to spend and what are your clients willing to pay to have their websites up and running. Let someone else figure out the technological aspect of it (some guard this as a trade secret). You worry about how you will get more money to keep your client alive (or in worst cases, the other helpless websites that mght have been hosted on the same IP).
    "I drink too much. The last time I gave a urine sample it had an olive in it. ".
    Rodney Dangerfield (from "I Get No Respect!").

  22. #47
    guys,

    sometimes my website just stops responding .. takes looong time to load & most of the time fails to load ..
    at the same time,
    I can easily connect through ftp & can use the cPanel installed ..

    Is my server a victim of DDoS???

    what do you suggest me to do??

    another thing to mention is that the server is on BurstNet & it's network has also been down a couple of times lately...

  23. #48
    Join Date
    Apr 2006
    Posts
    33
    ev1servers have successfuly filtered over 1Gbit big ddos attack (one of my friends confirmed this), i myself had theplanet filter over 1Gbit attack on one of my servers with cisco guard. Personally i would never even think about getting a server from some company that didn't have some kind of DDoS filtering tool.

  24. #49
    Join Date
    Sep 2002
    Location
    Canada
    Posts
    456
    I dispute that fact about TP, i've had personal experience with our server being DDoS for a week at TP, and the Guards did absolutely nothing. It was a relatively large http SYN attack, but nothing close to Gbps.

    Later I learned, it is not the size of the equipment you have, but how you use it :-) and if the people running these anti-ddos equipment are not well trained and experts at using them, they will end-up as useless as having no protection at all.

    Mind you, i heard other people stories at TP saying the Guards helped, and many more stories saying they did not. So my guess the Guards are configured to protect against certain type of attacks only (most likely bandwidth intensive attacks).
    Reliability • Performance • Integrity

  25. #50
    Join Date
    Apr 2006
    Posts
    33
    They have just recently started using cisco guard i think. It's kinda automatic and i guess will trigger only if flows are big enough, you could have stopped small syn attacks (>100mbit or whatever your internet port is), read about syncookies.

Page 2 of 3 FirstFirst 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •