DDOS Question
Hey guys,
If using a small script like citadel or DDOS deflate, when a real DDOS hits, it should at least counter and block some IPs before the server IP gets nulled? Or is this entirely dependent on the network's router protection?
It seems to me, the network protection actually null routed it before the 1 minute allocated time that ddos deflate runs? (once per min)
Network said screw off, not waiting for your shitty software protection to risk it, time for null route?
If so, fine with me, I just don't know what else to do to help mitigate attacks, I've got iptables, deflate, all ports dropping except the ones I need (prob useless), but yeah........
I'm also willing to pay for any bandwidth charges by my host, I feel so bad to be honest...
Comments
Depends on the type of attack. If it's a lot of packets or traffic then most likely you're out of luck as your upstream will be affected too
Even if your software does block the IPs, it makes no difference to your host. The traffic is still reaching your server. You will still get nullrouted if the attack is large enough, and even if you didn't, the software protection would not help.
Why do you drop packets (ddos deflate) if you want to know who sent them..?
Is this because the deflate is based on connections per IP? With a DDOS you can have thousands of IPs with 1 connection each, so rendering deflate useless?
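The per-IP counting question above, as an added example that is not part of the original thread or of DoS Deflate itself: it counts connections per source from constructed `netstat -ntu` style rows and applies a per-IP limit (the value 150 and all addresses are assumptions for illustration).

```python
from collections import Counter

PER_IP_LIMIT = 150  # assumed per-source connection limit for this example


def remote_ips(netstat_lines):
    """Extract the remote address from `netstat -ntu` style rows."""
    ips = []
    for line in netstat_lines:
        fields = line.split()
        # Data rows look like: proto recv-q send-q local remote [state]
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # skip the two header lines
        ips.append(fields[4].rsplit(":", 1)[0])
    return ips


def assess(netstat_lines, per_ip_limit=PER_IP_LIMIT):
    """Return total connections, distinct sources, and sources over the limit."""
    counts = Counter(remote_ips(netstat_lines))
    return {
        "total": sum(counts.values()),
        "sources": len(counts),
        "over_limit": sorted(ip for ip, n in counts.items() if n > per_ip_limit),
    }


def row(ip, port):
    # Constructed row; 192.0.2.10 stands in for the server address
    return f"tcp 0 0 192.0.2.10:80 {ip}:{port} ESTABLISHED"


HEADER = [
    "Active Internet connections (w/o servers)",
    "Proto Recv-Q Send-Q Local Address Foreign Address State",
]
# Constructed sample 1: one source holding 400 connections
SINGLE_SOURCE = HEADER + [row("198.51.100.7", 40000 + i) for i in range(400)]
# Constructed sample 2: 4000 sources holding one connection each
DISTRIBUTED = HEADER + [
    row(f"10.{i // 250}.{i % 250}.1", 50000) for i in range(4000)
]

if __name__ == "__main__":
    print("single source:", assess(SINGLE_SOURCE))
    print("distributed:  ", assess(DISTRIBUTED))
```

The distributed sample carries ten times the connections yet produces an empty ban list, and in either case the counting happens only after the traffic has already arrived at the server.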
It's called DoS deflate and made by a skiddie in ~2002
Yeah, after looking back at this topic, I want to shoot myself, but I went all out and posted it anyway. I am waiting to see what kind of attack it was from the host and I'll go from there.
The thing that scares me is, if a skiddie can do this, what's stopping them from doing it whenever they want? Seems to me like I will have to keep updating my domain to each different IP assigned to my node that is not null routed?... Then wait the proper amount of time for DNS propagation. I think my time has come to an end.
Cloudflare or Rage4 with uptimerobot?
I am working on a ddos protection network for not just HTTP to stop the ever evolving skid race
@Nexus In a case when you are seeing a lot of traffic, my suggestion is to get a DDoS-protected IP from @Francisco and the BuyVM crew or from @KuJoe from SecureDragon; they both have products which you can place in front of your servers to filter abusive traffic. When using the tunnels, they provide a way so that the attack gets tanked before making it to your network, and you do not have to worry about changing your IP all the time as well. If you have questions about what they can do for you, I would suggest a PM to either of those guys; I am sure they would be happy to explain to you what it can and can't do (if they do not feel motivated already to do so in the thread).
welcome to the internet
@Nexus When the unsolicited traffic reaches the victim it's pretty much done.
Every denial of service attack can always be resolved on the upper network node (which by rule of order has more networking capacity - up to a point when getting close to middle path links), working your way through the nodes up to the attacker and taking him off the net. Stopping a DDOS is something like stopping an epileptic seizure.
If it's BGP which auto nulls, it's based on traffic being sent, so even if it's being blocked at software level, traffic is still being sent.
No, you can use BGP to null, it won't go automagically
Correcto.
Auto null isn't an over the counter solution that you get by running your own ASN.
It always requires an extra piece of software that's doing analysis and pushing null routes to the router.
Francisco
I think that was intended.
Exactly, Automagically™ is property of Pony Corp.
@Francisco
Automatically is a cpanel thing.
I think it was a spelling error and they simply continued with it :P
No, it's an English word.
Muhahaha. >_>
Bah stupid autocorrect :P
Automagically is what I meant.
My least favorite word, I only see it spamming my email when a service is down and refuses to come back up
Got slammed by the exact same thing today. Both my IPs are null routed, it's game over AFAIK.
I was in SSH while this was happening, it was instant, no lag no nothing, it was raped. I am very fortunate that the DC stopped it pretty quick. But now I am looking for some type of IP filter. Jack and KuJoe and Francisco will be my next step, what a shame really.
Edit: I can't even imagine if I was running a web hosting site.... how'd I feel
@BronzeByte Your network sounds interesting. Let me know when you get it done, I may be interested
No
http://www.adclassix.com/ads/46thor.htm
Hah!
Francisco
Here I see 5 minutes of traffic at less than 16Mbps, which is pretty low for a denial of service attack.
If the packets are 64B then it's only below 32768pkt/s.
If the packets are 1500B then it's below 1400pkt/s.
There might be some kind of traffic shaping by the ISP, but still, if there is, you won't get null routed by the ISP.