Results 1 to 9 of 9
-
08-25-2009, 05:27 AM #1Junior Guru
- Join Date
- Apr 2009
- Location
- Australia
- Posts
- 184
Best way of stopping a DDoS Attack?
What is the best ways to stop DDoS Attacks
-
08-25-2009, 05:33 AM #2Web Hosting Master
- Join Date
- Apr 2007
- Posts
- 3,531
Firewalls and programs like ddos deflate are a good way to slow them.
Best way is get a data centre that will do it for you.BotWars.io - Code the AI of your Battle Bot!
-
08-25-2009, 05:38 AM #3Web Hosting Evangelist
- Join Date
- Sep 2008
- Location
- /dev/null
- Posts
- 469
this depended on the ddos size if its small like 30-50 Mbps you can use a cheap hardware firewall winch costs like 200/month it self
and if the ddos size too large like 8 Gbps you must use another hardware firewall which will cost you about 60k + $ @ once like riorey or somthing else
-
08-25-2009, 06:23 AM #4PING PONG
- Join Date
- May 2009
- Location
- SLASH ROOT
- Posts
- 867
If its a huge attack, then contact your NOC. Most of them provide Cisco firewalls which can mitigate the attack to a noticeable extent.
If its a controllable one, use DDOS mitigating softwares like DOS-Deflate, APF with anti-dos and most importantly tweak your kernel to resist such attacks. (sysctl tweaks)█ WebHostRepo.com
█ Linux | Windows | VPS | Cloud
█ Outsourced Technical Support since 2009
█ sales@webhostrepo.com
-
08-25-2009, 06:48 AM #5WHT Addict
- Join Date
- Jun 2008
- Location
- India
- Posts
- 130
Yes, that would be good. if it is large you need to check with DC...otherwise you need to setup firewall/iptable rules accoordingly
-
08-25-2009, 07:33 AM #6Support Facility
- Join Date
- Jun 2009
- Posts
- 2,335
You can secure your server by getting good Anti-DDos software installed. And should get csf firewall and apf firewall installed on the server.
-
08-25-2009, 08:11 AM #7Junior Guru Wannabe
- Join Date
- Apr 2004
- Location
- Germany
- Posts
- 37
Always contact your upstream provider (ISP/colo/hosting provider) first of all. Let them know you believe to be under attack and when it started, ask them to check their options and get back to you. Also ask them to tell you how they will deal with attacks against you, and if they plan to shut down your service against your interest.
Check your contract, do you have a free traffic limit? It can get very expensive to get DDoS attacked if you have a contract which includes limited free traffic, and you pay on top for every extra GB transferred (often found with VPS, for example). If this is the case, ask your ISP to null route your traffic while the attack lasts. This way, you do not pay anymore, but your system(s)/network(s) are not available anymore either. This can be a quick short term fix, you should later investigate into more fine grained options.
Only now, investigate how the attack is carried out, and how it can be filtered. Use traffic inspection / packet filtering software such as tshark or ngrep (both CLI) or wireshark (GUI). Create a traffic dump and analyze it. If you cannot analyze it yourself, contact someone who can, which can be your ISP or a networking or IT security consultant.
Once the attack is analyzed, if it is on an application protocol level and you actually use this protocol for legitimate traffic (example: both is true: you run a web server and this attack is targetting TCP port 80), mitigate it yourself. Use snort or another IPS and create rulesets for it, or mod_security if it's a HTTP based attack against a hosted website (and you run Apache).
If you also maintain the network, setup a BSD router with good network interface cards and lots of RAM, and put it in front of your network (next to your upstream provider), and have it filter the traffic using pf. To do so, you will need to gather a blacklist of the attacking hosts. If you do not maintain your own network or expect your upstream provider to act quickly to mitigate this attack, then just gather the backlist and pass it to your upstream provider. Keep in mind that bandwidth costs do apply (and are likely charged to you) anywhere between the attackers and a firewall which filters out malicious inbound traffic directed to your systems/networks, meaning you will not save money if you pay for bandwidth but only filter out malicious traffic on your very webserver which is under attack.
Disable all unneccessary services on the targetted systems, keep in mind that DDoS attack patterns often change once they have been mitigated, so keep a close eye on your router/traffic stats. If you do not have traffic stats, make sure you generate some.
Consider reporting what you know about the attack to the authorities, and/or organizations such as http://shadowserver.org
Keep talking to your ISP or upstream provider while the attack lasts. See if they can handle the traffic and make sure they are not too unhappy with this attack. If they are, and you need the attacked service to maintain available, consider moving to a different provider which can provide you with more and cheaper bandwidth, if maybe just temporarily.
Once the attack is over, talk to your ISP/upstream provider again, and see how they feel about continuing to host you/provide your with upstream/exchange traffic with you/peer with you. Ask them to remove the blacklisting, if any. Prepare for additional DDoS attacks if you can expect to receive more.Last edited by mnaumann; 08-25-2009 at 08:19 AM.
-
08-25-2009, 12:15 PM #8Junior Guru Wannabe
- Join Date
- Aug 2009
- Posts
- 83
You can try to protect it by configuring CSF or APF.
-
08-25-2009, 02:04 PM #9Web Hosting Master
- Join Date
- Nov 2007
- Location
- India
- Posts
- 843
HostNotch Hosting Services 99.9% uptime Shared Hosting, Reseller Hosting
yajur | Sales Team
CPanel Hosting • R1 Soft • Offsite-Backup • Great Uptime
http://hostnotch.com sales @ hostnotch.com
Similar Threads
-
Is this a DDoS attack?
By pedro2010 in forum Hosting Security and TechnologyReplies: 8Last Post: 08-05-2009, 06:07 PM -
Ddos Attack Need Help Please
By Navid1 in forum Hosting Security and TechnologyReplies: 1Last Post: 12-31-2006, 01:38 AM -
[help]ddos Attack
By ranjangnow in forum Dedicated ServerReplies: 36Last Post: 06-23-2006, 11:39 AM -
ddos attack?
By rrkgargkargekjag in forum Web HostingReplies: 11Last Post: 03-03-2004, 03:52 PM -
DDos Attack
By clocker1996 in forum Hosting Security and TechnologyReplies: 1Last Post: 12-22-2001, 01:15 PM