Script Kiddies Get My Server

GaNi Member
edited March 2013 in General

Every freaking time my game servers go below 100 Ranks in game tracker, they get hit by DDoS. Well this is just BS, isn't there anything else besides Tunneling and expensive DDoS protection?

Game: L4D2
Location: EU

Comments

  • fly Member

    what game?

  • Why not DDoS protection? I mean there's BuyVM and SecureDragon DDoS protected IP... If it's because of the latency maybe tell us where your server's located?

    I mean it also depends on what kind of DDoS it is

  • jar Patron Provider, Top Host, Veteran
    edited March 2013

    Spoofed DDOS is so common now that I wonder how many people just assume that it's untraceable and don't even bother trying. I've had a couple attacks from stupid kids that saw a video of how to DOS on YouTube and then fired up a VPS with no effort to hide other than thinking they were hidden behind the VPS they were using. Because of that, I always feel it worth asking first, is it untraceable?

    Because if you can trace it down to a residential IP, because kids are stupid, you've got them by the balls.

  • GaNi Member

    @fly
    It's Left 4 Dead 2.

    @HalfEatenPie
    Unfortunately, the servers are in Europe (prometeus), I chose Europe because l4d2 is more prominent there.

    PS: Adding it to the topic

  • raindog308 Administrator, Veteran

    Is it really a DDOS (coming from many IPs) or a small number of IPs you can firewall?
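
Added example (not part of any post in this thread): one way to answer the question above from a packet capture, by checking whether a handful of source addresses account for most of the traffic to the target. It assumes `tcpdump -nn`-style text lines; the addresses, ports and the 80% threshold are constructed for illustration.

```python
import re
from collections import Counter

# tcpdump -nn style line: "<time> IP <src>.<sport> > <dst>.<dport>: <rest>"
LINE = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.(\d+): (.*)$")

def triage(lines, target, top_n=3, share=0.8):
    """Summarise who sends to `target` and whether a short block list would help."""
    per_src, syn_only = Counter(), 0
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m.group(2) != target:
            continue  # unparsable line, or traffic to another host
        per_src[m.group(1)] += 1
        if m.group(4).startswith("Flags [S],"):  # bare SYN, no ACK
            syn_only += 1
    total = sum(per_src.values())
    top = per_src.most_common(top_n)
    top_share = sum(n for _, n in top) / total if total else 0.0
    if total == 0:
        verdict = "no-traffic"
    elif top_share >= share:
        verdict = "few-sources"             # a firewall rule per source is realistic
    else:
        verdict = "distributed-or-spoofed"  # per-IP rules will not keep up
    return {"total": total, "sources": len(per_src), "syn_only": syn_only,
            "top": top, "top_share": round(top_share, 2), "verdict": verdict}

def sample(sources, per_source, payload):
    """Constructed capture lines (documentation address ranges, made-up ports)."""
    repeated = (s for s in sources for _ in range(per_source))
    return [f"12:00:00.{i:06d} IP {s}.{40000 + i % 1000} > 203.0.113.10.27015: {payload}"
            for i, s in enumerate(repeated)]

# Constructed case 1: three heavy senders plus ten ordinary clients.
FEW = (sample(["198.51.100.7", "198.51.100.8", "198.51.100.9"], 30, "UDP, length 25")
       + sample([f"192.0.2.{i}" for i in range(1, 11)], 1, "UDP, length 25"))
# Constructed case 2: 200 sources seen once each, all bare SYNs.
MANY = sample([f"192.0.2.{i}" for i in range(1, 201)], 1,
              "Flags [S], seq 1, win 512, length 0")

if __name__ == "__main__":
    for name, capture in (("FEW", FEW), ("MANY", MANY)):
        print(name, triage(capture, "203.0.113.10"))
```

When nearly every source appears only once, the source field says nothing reliable about origin, and filtering has to happen upstream of the node rather than in a host firewall.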

  • GaNi Member

    @jarland
    Prometeus have 10Gb/s homed network, and I still don't how do get it down with few gigabit + 500K PPS attack

  • @GaNi the network might be 10G, but the VPS node is on gigabit. When someone tries to send a few gigabits to that node - all customers on the node suffer. As you can see this is not an acceptable situation for the provider.

  • jar Patron Provider, Top Host, Veteran

    @GaNi said: Prometeus have 10Gb/s homed network, and I still don't how do get it down with few gigabit + 500K PPS attack

    Rough. Yeah you need a quality solution.

  • GaNi Member
    edited March 2013

    @rds100
    Got it. I've already bothered prometeus once, they warned me but this is the second time. I mean there is no simple solution of students out here. DDoS protection, it's way out of my budget.

    @raindog308
    afaik, it's a spoofed syn.

  • prometeus Member, Host Rep

    @GaNi said: Prometeus have 10Gb/s homed network, and I still don't how do get it down with few gigabit + 500K PPS attack

    You are the target of today's ddos? BW can't help here, when the node is hit by half a million small packets there is nothing that can be done unless there is some ddos filtering in place which we don't have :-(

    The only solution to save the neighbors on the node is to blackhole the target of the attack...

  • GaNi Member

    @prometeus
    I completely understand your situation, that's why I didn't rush your ticket.

  • @prometeus said: when the node is hit by half a million small packets there is nothing that can be done unless there is some ddos filtering in place

    Don't these packets ruin latency? If not, would a hardware firewall suffice?

  • prometeus Member, Host Rep

    @BronzeByte said: Don't these packets ruin latency? If not, would a hardware firewall suffice?

    Firewalls capable of handling millions of pps and 2x10G aren't affordable. When I have time and the sources are limited I write some ACLs on the core router, but in case of DDoS a blackhole is more efficient: using a BGP community we push the target to our upstreams and the traffic doesn't even show at our border....

  • @jarland said: Spoofed DDOS is so common now that I wonder how many people just assume that it's untraceable and don't even bother trying

    Man, I will be happy if you share some techniques about how to trace this stuff :D

  • n0my Member

    @GaNi, SYN floods happen for TCP, not UDP. Source uses UDP which is stateless.

    Most skids like to attack using botnets from that hacking forum. @jarland can't trace them ones...

  • jar Patron Provider, Top Host, Veteran
    edited March 2013

    @yomero said: Man, I will be happy if you share some techniques about how to trace this stuff :D

    If it's not spoofed you just go to the provider it's coming from. It isn't always someone who won't work with you. Get a little cooperation there, get a residential IP if you're lucky and a little ntop + cooperation with your client to figure out who is from that town and pissed at them, google every detail until you've put together their family tree and start making phone calls. If they're in the US, and they often are, remind them of the Computer Fraud & Abuse Act of 1984 and the consequences of a federal crime. Cut a deal where they either cower in fear of you and back off or threaten to turn over all the details to the feds, local police, their ISP, and their parents. Remind them to hug their loved ones.

    Doesn't always work, but that doesn't mean it's not worth trying. When the traffic isn't spoofed and so heavy that you just can't get a valid IP anywhere. It's worked for me a few times. I go into a fit of rage. I will ask off work for a few days to fly over there and slash their tires. When someone messes with you, I've found it's best to escalate it to the furthest extent right away. Let them know right away that you're willing to throw away your entire life to ruin theirs. Let them see pure insanity. Most kids will run with their tail between their legs.

    I'm joking, of course. Or am I? ;)

  • @jarland said: I'm joking, of course. Or am I? ;)

    Too many lines of text, you're not joking dude :D

  • jar Patron Provider, Top Host, Veteran
    edited March 2013

    @DestroyeRCo said: Too many lines of text, you're not joking dude :D

    I'll bend over backwards to help out a stranger, that's how I was raised. But you turn around and abuse those people I've helped, try to cut them down and make them submit, I see red.

  • Maounique Host Rep, Veteran

    @jarland said: I see red.

    I thought you turn the other cheek?

  • jar Patron Provider, Top Host, Veteran
    edited March 2013

    @Maounique said: I thought you turn the other cheek?

    Come at me and don't involve anyone else and I will. Come at my friends, family, or clients, and I won't. I'm not trying to be the "tough guy" or anything, kinda reads that way. When an attacker is traceable they will be dealt with, not ignored. Understandable that only the stupid ones are traceable.

  • @jarland said: If it's not spoofed

    Well, yes, it is spoofed UDP.
    Thankfully this has stopped for me since most Quake 3 based games have been patched for throttling this to the point of being a useless attack :P

  • You can trace spoofed traffic as well, depending on how large your network and the other network are; for example if you share a common upstream or exchange point you can easily make it out from the peering graphs.
    One of the reasons why Ecatel is not present on AMSIX.

  • @jarland you're fucking insane. end of discussion.

  • jar Patron Provider, Top Host, Veteran

    @eastonch said: end of discussion.

    :)

  • jarland: As a fellow believer in escalating to an extreme in the first instance, I find your post refreshing and re-assuring :)

    I like to think it goes some small way to educating the person on the receiving end that they might reconsider before taking such actions in future. Otherwise they'll just keep thinking they can do it and get away with it, and I would be at least partly responsible if they were to do it to someone else in future.

  • jar Patron Provider, Top Host, Veteran

    @adrock said: I like to think it goes some small way to educating the person on the receiving end that they might reconsider before taking such actions in future.

    Plus you get this whole scenario where you one up them, they one up you, and you go back and forth with someone until you both see just how far the other person is willing to go. I think it saves a lot of time and pain to just go ahead and lay out on the table just how serious you are. Throw your cards on the table, see who has the better hand.

    Obviously I'm not slashing anyone's tires haha, but it's a metaphor for how I will escalate it beyond what I even feel is appropriate. I've been a bit of a pushover for a good part of my life, and I still am sometimes when it only affects me, but I'm not kidding when I say that I care about my clients. I've always enjoyed empowering others.

  • yomero Member
    edited March 2013

    @William said: for example if you share a common upstream

    Currently I don't have this problem so I can't try to see what's going on :P
    But I guess the traffic came from several places.
    Thanks for the ideas :D

  • GaNi Member
    edited May 2013

    I am being attacked with that speed and packets at the moment, whole KVM @ prometeus goes down :/ I got to know who the attacker is & tried to negotiate with him but he won't listen, also he seems to be attacking all the servers around him for fun.

  • Get a vps from a provider that offers ddos protection...

    I have one at Staminus for 30 dollars per month.

    And the attack you are showing will not affect a basic vps from staminus. (With basic ddos protection and some firewall rules from the control panel)

  • @GaNi said: Well this is just BS, isn't there anything else besides Tunneling and expensive DDoS protection?

    Slitting throats