  1. #1

    The old DoS attack! What now?

    Hello guys,


    Well, I have a server on LT. It was flooded, and they unplugged my server from the network to wait for the attack to cease...

    Then I thought, I can't just wait, I need uptime. Then I saw The Planet, with that Cisco DDoS guard and everything. I got into their sales chat, and they said they would block a flood DoS attack at the router level, not harming my server uptime...

    Some days later, I woke up just to see my server was offline, and a ticket saying it had been null routed due to a 650Mbits incoming DoS attack...

    Now, what do I do? Do I really have to be at the disposal of these kids who anyway don't like your work or, in my case, my game server?

    EV1 says they will block a DoS flood as long as it doesn't harm other servers on the router...

    Which most likely 650Mbit will do...

    Can you guys think of anything? Or have you found a solution for that?

    Thank you.

    Pavel Alves.
    Last edited by Coizado; 04-24-2006 at 11:53 PM.

  2. #2
    Staminus is the best for taking care of DDoS attacks.

    650Mbit for staminus is nothing in all honesty.

    You can AIM toro at 'toro00' and he'll give you a price.

    ~Francisco

  3. #3
    http://gigeservers.net/

    They have a neat setup
    Steven Ciaburri

  4. #4
    The Planet's DoS blocking system has been broken for ages. If they sold the server to you saying it's working, I'd call them up and demand a refund.

  5. #5
    LT took your server offline? This concerns me... why can't they block a 650mbit ddos at the router level?

  6. #6
    Hello,

    Yes they did. I asked very clearly before buying it, "Will you protect me, and keep my server running even during a DoS flood attack, no matter how big it is, unlike my last company?"

    Answer: Correct.

    That sux guys...

    Do you think that Staminus will be a good alternative?

    Thank you.

  7. #7
    I will tell you what I think: I think you need to go with a provider and get a dedicated firewall for it. If I were having that much trouble, that is what I would do.

  8. #8
    Quote Originally Posted by Coizado
    Hello,

    Yes they did. I asked very clearly before buying it, "Will you protect me, and keep my server running even during a DoS flood attack, no matter how big it is, unlike my last company?"

    Answer: Correct.

    That sux guys...

    Do you think that Staminus will be a good alternative?

    Thank you.
    Staminus would be a very good alternative.

    Depending on the type of attack, etc., Matt is able to filter 2Gbit - 3Gbit without an issue. All this filtering is automated, so you see nothing outside of an email telling you that you are currently under attack.

    ~Francisco

  9. #9
    Quote Originally Posted by pshepperd
    LT took your server offline? This concerns me... why can't they block a 650mbit ddos at the router level?
    Do you want to try to stop a distributed denial of service attack, most likely using spoofed IPs?
    LT isn't set up for it, nor are many hosts... if you are going to get attacked, you need to be with a host that is especially set up to handle it.

  10. #10
    If you are talking about game hosting which requires UDP packets, then (correct me if I'm wrong) Gige and Staminus both block that kind of traffic, but like I said, I'm not 100% sure about this, so you may want to contact them directly about it. As far as getting attacked, I'm sorry to hear about your ordeal. It's a shame kids can't play nice and it requires their mommies to sit with them at the computer and supervise so decent people can operate and go about their everyday lives.

    I would like to add that Gigeservers does an excellent job of blocking DDoS. I've dealt with them personally and was very pleased with their level of service and professional way of handling things.

  11. #11
    We were hit with an attack when our server was set up. The morons ended up getting root and erased our drive.

    Turns out it was a blessing in disguise. We hadn't hardened the box enough and found some odd ports Plesk had opened for something. I'll have to ask my admin for specifics but it was our time using Plesk and we weren't aware of all of the open ports we had. But once we plugged those holes we've been fine.

    I would love to know why people find (D)DOS'ing or hacking into other people's servers fun. We don't run IRC/game servers, talk sh*t about people, or anything. We're just a small design/web shop trying to earn a living. Could anyone help this clueless guy out?

    Why do they do it? And how do they find a freshly installed server so quickly?

  12. #12
    Quote Originally Posted by sven04
    We were hit with an attack when our server was set up. The morons ended up getting root and erased our drive.

    Turns out it was a blessing in disguise. We hadn't hardened the box enough and found some odd ports Plesk had opened for something. I'll have to ask my admin for specifics but it was our time using Plesk and we weren't aware of all of the open ports we had. But once we plugged those holes we've been fine.

    I would love to know why people find (D)DOS'ing or hacking into other people's servers fun. We don't run IRC/game servers, talk sh*t about people, or anything. We're just a small design/web shop trying to earn a living. Could anyone help this clueless guy out?

    Why do they do it? And how do they find a freshly installed server so quickly?
    A datacenter's IP range is pretty much public record and can be found with the right research.

    It could be that someone who had that IP space before you got attacked, and it probably just continued when you came into play on that IP space. Or it could be someone who just doesn't like you, or a client on your server talking smack about said DoS'r, or a person who doesn't like the datacenter and is flooding all their IPs.

    Never know really.

    I recommend you set up APF firewall and take other precautions.

    Contact Jonesolutions. They can set your server up, harden it professionally, and set your firewall up. Helped me mitigate my DoS after 24 hours; it filtered to nothing.

    LT took your server offline? This concerns me... why can't they block a 650mbit ddos at the router level?
    LT is an UNMANAGED provider, which means the end user is supposed to know HOW to block a DoS, or suppress it on a software level. When you report a DoS to LT, they give you the option of giving you new IP space or shutting the server off for a while.

    Why is it people go to Layered Tech, knowing they're an unmanaged and CHEAP provider, and expect them to handle everything?

    If you can't mitigate a DOS, you need to go to a MANAGED provider.

  13. #13
    Hello guys,

    Well, actually, my concern at this point isn't invasion protection, but FLOODing protection. I am able to install a software firewall and configure it to protect me in that manner, and besides, these kids aren't looking for hacking; they neither want to nor know how to.

    If I am not mistaken they are even Nuking/Flooding/DoSing my domain name, and not the IP directly...

    I sent an email to Staminus, pasting my ticket on The Planet where they say 650Mbit will harm other servers and my server has to be null routed. And that's what they answered me:

    "Hello,
    I have read your WHT thread, and this email. We will protect you up to 2-3
    gbps depending on the attack if you are not doing anything illegal in
    accordance with local and federal laws in the United States.

    --
    Sincerely,
    Matt M.
    Staminus Communications"

    So I guess that's perfect for me. I seriously doubt that they will put together enough shells to overcome that limit, especially now that Google just changed something on their searching system and all "infected-shells-searching-software" based on Google has stopped working.

    Thank you very much guys. If Staminus has the config I want and a Windows 2003 Standard box, I am renting from them.

    Coming here earlier would have saved me so much money, GOSH!

    see ya.
    Last edited by Coizado; 04-25-2006 at 08:39 AM.

  14. #14
    Hi all,

    LONG TIME since I last posted on this thread.

    This is just a feedback and a Thanks note.

    I am with Staminus now for more than one year... They are great. Nothing is noticed on the attacks besides emails warning about attacks.

    They have sustained up to a 2.0GB attack just when we changed to them. No bigger attack was attempted ever since.

    The "kids" got smarter... When they noticed that randomly nuking ports in order to use more bandwidth than the server could handle wouldn't work anymore, because Staminus's router was detecting the attack and wasn't sending the packets to my server, consuming only some of its 6GB bandwidth, not my server's 100MB, they began to nuke the process port; they got the process to use 100% of the processor and eventually lock down. Then I finally got a firewall and configured it to drop SYN packets coming from the same IP too fast, and some other firewall rules. Now my process runs normally, and sometimes they still try the random nuke; so far, they have had no luck causing any problem. Haha!

    Staminus never null routed my server, ever!

    Matt and toro are very helpful and nice.

    Thank you all guys for the suggestion. Really appreciate it!

    Sincerely,

    Pavel Alves (Coizado).
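
    The firewall rule described in the post above (drop SYN packets arriving too fast from the same IP) can be sketched as a per-source sliding-window limiter. This is an added example, not part of the original thread or any product mentioned in it; the thresholds, class and function names, and the sample traffic are assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds (the post gives no numbers): at most MAX_SYN new
# connection attempts per source IP within WINDOW seconds.
MAX_SYN = 5
WINDOW = 1.0

class SynRateLimiter:
    """Hypothetical per-source SYN limiter using a sliding time window."""
    def __init__(self, max_syn=MAX_SYN, window=WINDOW):
        self.max_syn = max_syn
        self.window = window
        self.recent = defaultdict(deque)  # src IP -> times of accepted SYNs

    def allow(self, ts, src_ip, flags):
        """Return True to pass the packet, False to drop it."""
        # Only connection openers (bare SYN) are limited; packets that
        # belong to established connections pass untouched.
        if flags != "S":
            return True
        q = self.recent[src_ip]
        while q and ts - q[0] >= self.window:  # expire old entries
            q.popleft()
        if len(q) >= self.max_syn:
            return False  # this source is opening connections too fast
        q.append(ts)
        return True

def filter_packets(packets, limiter=None):
    """Run (timestamp, src_ip, tcp_flags) tuples through the limiter."""
    limiter = limiter or SynRateLimiter()
    passed, dropped = [], defaultdict(int)
    for ts, src, flags in packets:
        if limiter.allow(ts, src, flags):
            passed.append((ts, src, flags))
        else:
            dropped[src] += 1
    return passed, dict(dropped)

def sample_packets():
    """Constructed traffic: one source sending 100 SYNs in a second,
    plus one ordinary client (documentation-range addresses)."""
    flood = [(i * 0.01, "198.51.100.7", "S") for i in range(100)]
    client = [(0.20, "203.0.113.20", "S"), (0.25, "203.0.113.20", "A"),
              (0.90, "203.0.113.20", "S")]
    return sorted(flood + client)

if __name__ == "__main__":
    passed, dropped = filter_packets(sample_packets())
    print(len(passed), "passed;", dropped)
```

    A per-source limit like this protects the game process from a single address opening connections faster than a player would; when source addresses are spoofed, as another reply in this thread suspects, each address appears only a few times and upstream filtering has to do the work.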

  15. #15
    Out of curiosity, how much do you now pay extra per month with the firewalls and protection, without including the server price?

  16. #16
    Softlayer do Cisco DDOS protection and again it can be turned on very quickly indeed.
    Damien

  17. #17
    Quote Originally Posted by Coizado
    I am with Staminus now for more than one year... They are great. Nothing is noticed on the attacks besides emails warning about attacks.
    Thank you for your feedback, good to hear.
