What the hell is this? DDoS?

BuyAds Member

Hello guys.

The SYS system won't detect it as DDoS.

I am losing 20GB of bandwidth every 10 min.

I have checked netstat; there are no IPs connected.

What could it be?


Comments

  • That's called a DeeDoos

  • Just shut down your server.

  • Ishaq Member

    A DoS is not always so big that it causes VAC to interfere; sometimes it is small and consumes a lot of bandwidth legitimately in an attempt to get you suspended for exceeding your bandwidth limit.

    Thanked by 1KwiceroLTD
  • UrDN Member
    edited May 2015

    @BuyAds said:
    I have checked netstat; there are no IPs connected.

    If it's a UDP flood, it's normal that you see nothing with netstat. Use tcpdump or tshark to analyze the traffic.
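
One way to read such a capture, as an added example that is not part of the thread: the script groups `tcpdump -nn udp` text output by source port, so a reflection flood shows up as one port (123 for NTP) carrying most of the bytes from many different senders. The function names, the sample lines and the sender threshold are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -nn udp` output (documentation-range addresses).
sample_capture() {
cat <<'EOF'
12:00:00.000101 IP 198.51.100.7.123 > 203.0.113.10.40312: NTPv2, Reserved, length 440
12:00:00.000153 IP 198.51.100.22.123 > 203.0.113.10.40312: NTPv2, Reserved, length 440
12:00:00.000201 IP 192.0.2.45.123 > 203.0.113.10.40312: NTPv2, Reserved, length 440
12:00:00.000260 IP 198.51.100.7.123 > 203.0.113.10.40312: NTPv2, Reserved, length 440
12:00:00.000300 IP 192.0.2.53.9999 > 203.0.113.10.9999: UDP, length 120
EOF
}

# Reads tcpdump text lines on stdin and prints, per source port:
#   <src_port> <packets> <payload_bytes> <distinct_source_ips>
# heaviest port first.
summarise_src_ports() {
    awk '
    $2 == "IP" && $4 == ">" {
        if (split($3, a, ".") != 5) next      # need a.b.c.d.port
        port = a[5]; ip = a[1] "." a[2] "." a[3] "." a[4]
        len = 0
        for (i = 5; i < NF; i++) if ($i == "length") len = $(i + 1) + 0
        pkts[port]++; bytes[port] += len
        if (!((port, ip) in seen)) { seen[port, ip] = 1; srcs[port]++ }
    }
    END { for (p in pkts) print p, pkts[p], bytes[p], srcs[p] }
    ' | sort -k3,3nr
}

# Exit status 0 when the heaviest source port is 123 and it comes from at
# least $1 distinct senders (default 3; the threshold is an assumption).
looks_like_ntp_reflection() {
    summarise_src_ports | head -n 1 |
        awk -v m="${1:-3}" '{ ok = ($1 == 123 && $4 >= m) } END { exit !ok }'
}

sample_capture | summarise_src_ports
```

On a live host the input would come from a short capture such as `tcpdump -nn -c 1000 udp` piped into `summarise_src_ports`.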

  • Profforg Member
    edited May 2015

    #hiresysadmin

  • apt-get install vnstat?
    or
    apt-get install bwm-ng?

  • BuyAds Member

    Thanks to Francesco from BuyVM I now know that I am under an "NTP amplification attack".

    I don't have access to the DDoS firewall (I am on SYS) so I have to wait for it to end :(.

    Has someone got an idea how it can be stopped?

  • perennate Member, Host Rep
    edited May 2015

    BuyAds said: Has someone got an idea how it can be stopped?

    Since it's not large enough to activate the DDoS filtering, you could simply block incoming NTP traffic

    iptables -I INPUT -p udp --source-port 123 -j DROP

    I don't think you have a strict bandwidth limit?

    Thanked by 2BuyAds linuxthefish
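
A rule added with `-I INPUT` lands at the top of the chain, where it also discards replies to the server's own NTP client. The check below is an added example, not part of the thread: it reads `iptables -S INPUT` output (two constructed listings here) and reports whether a stateful ESTABLISHED accept is evaluated before the source-port-123 drop. The function names are hypothetical.

```shell
#!/bin/sh
# Constructed `iptables -S INPUT` listing: the thread's rule was added with
# `-I INPUT`, so it sits above the stock stateful accept.
rules_drop_first() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -p udp -m udp --sport 123 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Constructed listing with the same DROP at position 2 (`-I INPUT 2 ...`).
rules_accept_first() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Reads `iptables -S INPUT` on stdin and prints one of:
#   no-drop        no source-port-123 DROP rule present
#   replies-kept   an ESTABLISHED accept is evaluated before the DROP, so
#                  answers to the host's own NTP queries still get through
#   replies-lost   the DROP is reached first
ntp_reply_status() {
    awk '
    /^-A INPUT/ { n++ }
    /^-A INPUT/ && /-p udp/ && /--sport 123( |$)/ && /-j DROP/ && !drop { drop = n }
    /^-A INPUT/ && /--(ct)?state [A-Z,]*ESTABLISHED/ && /-j ACCEPT/ && !acc { acc = n }
    END {
        if (!drop) print "no-drop"
        else if (acc && acc < drop) print "replies-kept"
        else print "replies-lost"
    }'
}

for listing in rules_drop_first rules_accept_first; do
    printf '%s: %s\n' "$listing" "$($listing | ntp_reply_status)"
done
```

Unsolicited reflected packets match no connection-tracking entry, so in the second listing they still fall through to the DROP.
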
  • True just drop it.

  • BuyAds Member

    @perennate said:
    I don't think you have a strict bandwidth limit?

    Thank you! No, there is no bandwidth limit but I am afraid that if this goes on for days, one day they will suspend me.

  • What about just opening the tcp/udp that you need and closing all that you don't?

  • perennate Member, Host Rep

    BuyAds said: Thank you! No, there is no bandwidth limit but I am afraid that if this goes on for days, one day they will suspend me.

    The command I provided only blocks it from hitting your applications, so that it doesn't affect your services as long as iptables can keep up with it (which it should if it's less than 1gbps and not activating firewall). I don't think they'd suspend you for getting an attack though.

  • BuyAds Member

    Should I just execute that command only one time, without adding or changing anything?

  • Also try to get a couple of vps and work with a load balancer that works only with private ips for backend

  • perennate Member, Host Rep

    martip07 said: Also try to get a couple of vps and work with a load balancer that works only with private ips for backend

    Hm, what does that have to do with anything?

    BuyAds said: Should I just execute that command only one time, without adding or changing anything?

    You need that to run every time the interface is reloaded. If you're on Ubuntu/Debian, see https://help.ubuntu.com/community/IptablesHowTo#Configuration_on_startup

    Thanked by 1martip07
  • lazyt Member

    Can't be DeeDoss she was a cute blonde. Dee Doss--n

  • Simple: if the load balancer got screwed, you just have to redirect your domain to one of the backend IPs.

    So at the time your balancer is okay just redirect the IP one more time.

    That is an option in my opinion :P

  • BuyAds Member

    @perennate should I change the INPUT to eth0 or should I type the command as it is?

    P.S. I am on CentOS

    Thank you.

  • perennate Member, Host Rep

    The INPUT is a built-in chain in the iptables firewall. It will be used for packets destined for the server. So keep it as is.

    On CentOS I think you just need service iptables save

  • BuyAds Member

    perennate said: CentOS I think you just need service iptables save

    How can I do it? :)

  • Install csf on CentOS; it will be easier to manage the firewall

  • BuyAds Member

    csf is installed but there is no effect from it :(

    Thanked by 1martip07
  • @BuyAds said:
    csf is installed but there is no effect from it :(

    TESTING = "1"

    • Change the 1 for 0
  • just check it one more time, just in case you forgot to change it.

  • BuyAds Member
    edited May 2015

    Sure, it's 0. Also Syn flooding enabled.

  • Is your tcp/udp in/out config configured with all that you need?

  • Can't you just drop UDP via OVH?

  • BuyAds Member

    I am at SoYouStart. No access to the firewall

  • What about changing IP and hiding new IP behind Cloudflare?

  • BuyAds Member

    No chance to do it. I am hosting over 200 sites with private nameservers.
