Results 1 to 4 of 4
  1. #1

    [Help Wanted] UDP D/DoS Attack - Best Prevention?

    Hey,

    I would like to know what are the best ways in preventing a UDP D/DoS Attack. DDoS-Deflate and most programs like that are just for TCP connections, and most of the time only for port 80. What is the best option out there for protection (linux wise) for UDP attacks. I was using shorewall before but it did not do so well so I just switched now to CSF (http://www.configserver.com/cp/csf.html) with WebMin and seems to be working ok. Even though thoes are both firewalls, they seem to have some protection against UDP Attacks. Please note this is a server that just hosts some game servers, no webhosting. What would be my best option here? Any help would be greatly appreciated.

    *Please note these attacks are not meant to take the dedicated server offline, but to crash or hault or lag the game server its directed at. Hope that clears some things up.

    Cya,
    TomBoy123

  2. #2
    If you're running an IRCd, one technique is this:

    Set the name of the hub to a hostname that doesn't exist, eg 'hub.yournet.com', but
    don't add a dns record for it. This way an attacker cannot resolve the host and
    cannot flood it either. Then simply link your servers to the hub by specifying the
    IP or another non-public hostname.
    Example 1: link visibiblename.yournet.com { hostname 194.15.123.16; [etc] };.
    Example 2: link visibiblename.yournet.com { hostname thehostnamethatworks.yournet.com; [etc] };.
    On a sidenote, for the last example you must be sure your nameservers don't allow zone transfers, but that's way too off-topic .

  3. #3
    Join Date
    Nov 2002
    Location
    WebHostingTalk
    Posts
    8,878
    * Moved to Technical and Security Issues....

    Sirius
    I support the Human Rights Campaign!
    Moving to the Tampa, Florida area? Check out life in the suburbs in Trinity, Florida.

  4. #4
    Hey,

    [OFFTOPIC]
    Thank you sirius, and sorry for posting it in the Dedicated Server forum, thought it could fit there.
    [ONTOPIC]
    Thank you BD, but I do not host any IRC servers. Only some simple game servers. But that is very good advice to anybody who hosts IRC servers. So anyone have any more advice?

    Cya,
    Tom

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •