Results 1 to 9 of 9
  1. #1
    Join Date
    Apr 2009
    Location
    Australia
    Posts
    180

    Best way of stopping a DDoS Attack?

    What is the best ways to stop DDoS Attacks

  2. #2
    Join Date
    Apr 2007
    Posts
    3,513
    Firewalls and programs like ddos deflate are a good way to slow them.
    Best way is get a data centre that will do it for you.
    - Buying up websites, side-projects and companies - PM Me! -

  3. #3
    Join Date
    Sep 2008
    Location
    /dev/null
    Posts
    469
    this depended on the ddos size if its small like 30-50 Mbps you can use a cheap hardware firewall winch costs like 200/month it self
    and if the ddos size too large like 8 Gbps you must use another hardware firewall which will cost you about 60k + $ @ once like riorey or somthing else

  4. #4
    Join Date
    May 2009
    Location
    SLASH ROOT
    Posts
    853
    If its a huge attack, then contact your NOC. Most of them provide Cisco firewalls which can mitigate the attack to a noticeable extent.

    If its a controllable one, use DDOS mitigating softwares like DOS-Deflate, APF with anti-dos and most importantly tweak your kernel to resist such attacks. (sysctl tweaks)

  5. #5
    Join Date
    Jun 2008
    Location
    India
    Posts
    129
    Yes, that would be good. if it is large you need to check with DC...otherwise you need to setup firewall/iptable rules accoordingly

  6. #6
    You can secure your server by getting good Anti-DDos software installed. And should get csf firewall and apf firewall installed on the server.
    Support Facility | 24/7 web hosting technical support services
    Technical support | Server management | Data migration

    Technical Articles

  7. #7
    Join Date
    Apr 2004
    Location
    Germany
    Posts
    37
    Always contact your upstream provider (ISP/colo/hosting provider) first of all. Let them know you believe to be under attack and when it started, ask them to check their options and get back to you. Also ask them to tell you how they will deal with attacks against you, and if they plan to shut down your service against your interest.

    Check your contract, do you have a free traffic limit? It can get very expensive to get DDoS attacked if you have a contract which includes limited free traffic, and you pay on top for every extra GB transferred (often found with VPS, for example). If this is the case, ask your ISP to null route your traffic while the attack lasts. This way, you do not pay anymore, but your system(s)/network(s) are not available anymore either. This can be a quick short term fix, you should later investigate into more fine grained options.

    Only now, investigate how the attack is carried out, and how it can be filtered. Use traffic inspection / packet filtering software such as tshark or ngrep (both CLI) or wireshark (GUI). Create a traffic dump and analyze it. If you cannot analyze it yourself, contact someone who can, which can be your ISP or a networking or IT security consultant.

    Once the attack is analyzed, if it is on an application protocol level and you actually use this protocol for legitimate traffic (example: both is true: you run a web server and this attack is targetting TCP port 80), mitigate it yourself. Use snort or another IPS and create rulesets for it, or mod_security if it's a HTTP based attack against a hosted website (and you run Apache).

    If you also maintain the network, setup a BSD router with good network interface cards and lots of RAM, and put it in front of your network (next to your upstream provider), and have it filter the traffic using pf. To do so, you will need to gather a blacklist of the attacking hosts. If you do not maintain your own network or expect your upstream provider to act quickly to mitigate this attack, then just gather the backlist and pass it to your upstream provider. Keep in mind that bandwidth costs do apply (and are likely charged to you) anywhere between the attackers and a firewall which filters out malicious inbound traffic directed to your systems/networks, meaning you will not save money if you pay for bandwidth but only filter out malicious traffic on your very webserver which is under attack.

    Disable all unneccessary services on the targetted systems, keep in mind that DDoS attack patterns often change once they have been mitigated, so keep a close eye on your router/traffic stats. If you do not have traffic stats, make sure you generate some.

    Consider reporting what you know about the attack to the authorities, and/or organizations such as http://shadowserver.org

    Keep talking to your ISP or upstream provider while the attack lasts. See if they can handle the traffic and make sure they are not too unhappy with this attack. If they are, and you need the attacked service to maintain available, consider moving to a different provider which can provide you with more and cheaper bandwidth, if maybe just temporarily.

    Once the attack is over, talk to your ISP/upstream provider again, and see how they feel about continuing to host you/provide your with upstream/exchange traffic with you/peer with you. Ask them to remove the blacklisting, if any. Prepare for additional DDoS attacks if you can expect to receive more.
    Last edited by mnaumann; 08-25-2009 at 08:19 AM.

  8. #8
    Join Date
    Aug 2009
    Posts
    81
    You can try to protect it by configuring CSF or APF.

  9. #9
    Join Date
    Nov 2007
    Location
    India
    Posts
    843
    Quote Originally Posted by angathan View Post
    You can try to protect it by configuring CSF or APF.
    CSF or APF wont work in this case
    HostNotch Hosting Services 99.9% uptime Shared Hosting, Reseller Hosting
    yajur | Sales Team
    CPanel Hosting R1 Soft Offsite-Backup Great Uptime
    http://hostnotch.com sales @ hostnotch.com

Similar Threads

  1. Is this a DDoS attack?
    By pedro2010 in forum Hosting Security and Technology
    Replies: 8
    Last Post: 08-05-2009, 06:07 PM
  2. Ddos Attack Need Help Please
    By Navid1 in forum Hosting Security and Technology
    Replies: 1
    Last Post: 12-31-2006, 01:38 AM
  3. [help]ddos Attack
    By ranjangnow in forum Dedicated Server
    Replies: 36
    Last Post: 06-23-2006, 11:39 AM
  4. ddos attack?
    By webwormx in forum Web Hosting
    Replies: 11
    Last Post: 03-03-2004, 03:52 PM
  5. DDos Attack
    By clocker1996 in forum Hosting Security and Technology
    Replies: 1
    Last Post: 12-22-2001, 01:15 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •