Results 1 to 5 of 5

Thread: DDoS question

  1. #1
    Join Date
    Aug 2007
    Posts
    905

    DDoS question

    Just out of curiousity, what would happen if you changed the server IP to 127.0.0.1?

  2. #2
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    127.0.0.1 is the localhost IP. Why would you need to change it?
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  3. #3
    Join Date
    Jun 2003
    Posts
    364
    If you changed the dns name, assuming the DDoS used the DNS name and not set IP(s), the machines would probably try to "attack" themselves.

    IMHO it is unlikely that the DDoS would use the dns name for your site.

    Changing your dns to point to 127.0.0.1 would not really help you prevent or handle a DoS or DDoS because doing so would give them what they wanted in the first place -- your server offline.

  4. #4
    Join Date
    Aug 2007
    Posts
    905
    Yeah, I thought about them using the actual server IP after I posted the question

  5. #5
    Join Date
    May 2006
    Posts
    1,398
    They would have to be hitting a certain domain before you could change dns to 127.0.0.1 for the bots to attack themselves.

    True you may be giving them what they want by your server being down but in some cases this can work when they see their bots dropping like flies. But its just a constant state of dns resolution and downtime if you had to keep going back and forth doing it so the site would basically be down for a while.

    In some cases though Ive seen attacking botnets get the dns turned around on them to localhost and it stop the attack. Usually have to keep it that way for a day or so then try to go back to normal.

    Ive only had to do it on managment clients with unprotected servers or clients who couldnt upgrade to the needed protection.

    But if its not consuming your pipe, just overwelming you at the server level there is hope depending on how much time you wanna spend. Changing http servers, tcp tuning, and firewall scripts can help mitigate or completely block the attack.

    You would also have to have fair amount of resources to do this. I guess it all boils down to is if this is a client or one of your own sites. Whether you think its worth the work or not.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •