Results 1 to 14 of 14
  1. #1
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294

    Clients are funny

    So, this guy comes to me with a ddos. I personally do not want to waste my time on that. They are 100mbit, etc. Hes going to experience port saturation sooner or later. So it goes like this

    hello

    i have a server that has been subject to many over 100mbit ddos attacks

    these all seem to be syn floods on port 80, with spoofed ip's, from bots.

    as they are port 80, my datacenter cannot protect me with tippingpoint.

    i was wondering if you knew of any solutions, or configuratons to the server, to help prevent these attacks. they are causing massive service interuption.

    this is pretty urgent,

    thank you
    My reply:

    I can offer no software solutions at this time.
    His reply:

    you dont know much then, search google for syn attacks and you get loads of ways to block them you just need to install.

    whatever, poor administration company it seems.


    Funny he finds it on google, yet he contacts us for help.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
      0 Not allowed!

  2. #2
    Join Date
    Nov 2006
    Location
    USA
    Posts
    762
    Isn't there a different between not being able to offer any solutions and not knowing if there are any solutions?
      0 Not allowed!

  3. #3
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Quote Originally Posted by PersonalJihad
    Isn't there a different between not being able to offer any solutions and not knowing if there are any solutions?

    Some would say that. Being that I don't charge if I can't fix, its not economical for me to try and block it.

    I just love how he jumps out and says google has the answer.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
      0 Not allowed!

  4. #4
    Join Date
    Oct 2005
    Location
    United States
    Posts
    1,403
    He's able to find the info by search on Google, but not sure how to do?
    Tommy Tran - tommy @ vinax.net ::: VINAX, LLC ::: http://vinax.net ::: Since 2004
    Premium Dedicated Servers and Colocation in downtown Chicago (350 E. Cermak Rd)
    Premium Bandwidth, 100% Network & Power Uptime SLA, 24/7 Prompt Tech Support
      0 Not allowed!

  5. #5
    Join Date
    Nov 2002
    Posts
    4,377
    Was this a client or a potential client?
    From the text on the rack911 webpage, as a potential client, I would have expected a more helpful response. Hopefully you gave him more than a one line answer and elaborated as you did in this thread.
      0 Not allowed!

  6. #6
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Quote Originally Posted by Techno
    Was this a client or a potential client?
    From the text on the rack911 webpage, as a potential client, I would have expected a more helpful response. Hopefully you gave him more than a one line answer and elaborated as you did in this thread.

    It was a 'potential' client that has submitted several questions over the year and never had work done for him.

    Also Techno from the text on the rack911 webpage, nowhere does it state we will block ddos.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
      0 Not allowed!

  7. #7
    Join Date
    Aug 2004
    Location
    Europe - Asia - Usa
    Posts
    621
    Steven, I'm sadden to see your reply to your customer (or even potential customer). I admit that maybe you feel you do not need to give all your time and effort in helping someone who is not under your management, but your comment;

    "Also Techno from the text on the rack911 webpage, nowhere does it state we will block ddos"

    It is saddening as it would be in the best interest of your current customers if you did help provide away to keep them from being ddos (Denial-of-service attack). I thought this was standard practise through out the market.

    Just because a customer is being ddos, doesn't mean its their fault or that they are a bad customer. All it takes is one 15yr kid with nothing better to do, but bring down a site for fun or for someone not to agree with the sites content for someone to be subject to a ddos. I recall a few years back when WHT may have even been subject to such attacks.

    With respect, I find nothing funny here.
    Since April 2001 Atlantis Services - Proudly servicing everyone's web hosting needs!
    Quote: There is no such thing as "The Best" web hosting provider, but rather only what is best for YOU
      0 Not allowed!

  8. #8
    Join Date
    Dec 2005
    Posts
    1,270
    What is the attack on Steven. I personally like when people give me a one line simple answer. I don't want to read half a page of **** telling me that they can't help me. DDOS can be a hard problem to solve. Maybe Steven doesn't want to get involved in it. That doesn't mean he doesn't know who to solve it.
      0 Not allowed!

  9. #9
    Join Date
    Oct 2002
    Location
    Canada
    Posts
    3,100
    Quote Originally Posted by Steven
    It was a 'potential' client that has submitted several questions over the year and never had work done for him.

    Well, I fully understand you. My response would be something along "Thank you for your interest but we do not currently offer this software and or service" but I know how it is to have a person asking for quotes / advice over the years and never getting any actual work done. Eventually your responses get shorter and shorter by the time they become just "nope".
      0 Not allowed!

  10. #10
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Quote Originally Posted by Atlantis Services
    Steven, I'm sadden to see your reply to your customer (or even potential customer). I admit that maybe you feel you do not need to give all your time and effort in helping someone who is not under your management, but your comment;

    "Also Techno from the text on the rack911 webpage, nowhere does it state we will block ddos"

    It is saddening as it would be in the best interest of your current customers if you did help provide away to keep them from being ddos (Denial-of-service attack). I thought this was standard practise through out the market.

    Just because a customer is being ddos, doesn't mean its their fault or that they are a bad customer. All it takes is one 15yr kid with nothing better to do, but bring down a site for fun or for someone not to agree with the sites content for someone to be subject to a ddos. I recall a few years back when WHT may have even been subject to such attacks.

    With respect, I find nothing funny here.

    If he was a monthly management client I would, but I dont work for free. In a syn flood it is very hard to block. I DO NOT charge until work is complete, in a case like this, work WOULD never be complete and my hours of work would go unpaid, why in the world would I want to waste the time on it.

    For people wishing to have a longer answer, its no different from a store that says NO SHIRT NO SERVICE. They dont explain why they have that rule. All I said was I had no software solution at this time. That is sure as hell better than saying, Sorry I dont want to help you with this.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
      0 Not allowed!

  11. #11
    Join Date
    Nov 2003
    Location
    UK
    Posts
    174
    ddos is easy to stop
    just use iptables

    granted he said they are from bots so maybe the real owner of the infected computer might want to access the website at some point? so just remove the block after the attack is finished

    Although you say no where that you block ddos its important to make your customers happy

    DDoS is nothing new, been around for years, first came about about 6-7 years ago when auth++ came around
    from then it moved onto various different methods..
    todays most popular methods are
    Botnets (army of infected computers) -- Report IP's to ISP or to a anti-botnet group (google can find one)
    Cisco Routers - Where admins are too lazy to change their password from default.. just report ips again..
    and last but not least..
    hacked servers.. but this is generally not too often as its 1 IP attacking the victim.. and thats pretty much useless once its blocked
      0 Not allowed!

  12. #12
    Join Date
    Jul 2005
    Location
    Buffalo, NY
    Posts
    2,626
    Quote Originally Posted by InfoH
    ddos is easy to stop
    just use iptables
    You do realize that a successful DDoS attack (especially 100mbit) goes much further than just tweaking and modifying settings with a server's IP tables, correct?
      0 Not allowed!

  13. #13
    Join Date
    Nov 2003
    Location
    UK
    Posts
    174
    ok so lets look at what the guy has said...

    their 100mbits..
    and their bots?...

    nah i dont think so.. there are very very very few insecure windows machines with 100mbit lines..

    95% of botnets are windows based.. if his server is getting hit from 100mbits (which i'd like to know how he knows their 100mbit?)
    then they are going to be hacked linux servers(unless the guys stupid) OR possibly cisco routers..
    but ddos is controlable.. your right you cant stop it all but you can limit it down enough for it not to cause any major noticeable damage
      0 Not allowed!

  14. #14
    Join Date
    May 2004
    Location
    Pflugerville, TX
    Posts
    11,222
    Closed by OP request.
    Studio1337___̴ı̴̴̡̡̡ ̡͌l̡̡̡ ̡͌l̡*̡̡ ̴̡ı̴̴̡ ̡̡͡|̲̲̲͡͡͡ ̲▫̲͡ ̲̲̲͡͡π̲̲͡͡ ̲̲͡▫̲̲͡͡ ̲|̡̡̡ ̡ ̴̡ı̴̡̡ ̡͌l̡̡̡̡.__Web Design
      0 Not allowed!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •