Search Results

Search found 139 results on 6 pages for 'ddos'.

Page 1/6 | 1 2 3 4 5 6  | Next Page >

  • Anti-DDoS Question

    - by Andre
    Our company´s main owner (telecon group) wants us to deploy anti-DDoS mechanisms, such as Arbor Pravail, which is a great idea. Although... I have a question... If our main ISP Backbone provider have no anti-DDoS mechanism, means that there is no point we get the Arbor Pravail? An DDoS attack can make damage uniquely the destination IP or to the whole network that the DDoS packets go through? Regards,

    Read the article

  • DDoS attacks to PBX

    - by user316687
    I'm wondering if DDOS attacks to PBX or telecommunications systems is possibe real. According to this links: http://threatpost.com/en_us/blogs/firm-sees-more-ddos-attacks-aimed-telecom-systems-073112 http://news.softpedia.com/news/DDOS-Attacks-Against-Telecom-Systems-Cost-as-Little-as-20-16-Per-Day-284875.shtml it is possible. There are DDOs attacks to web servers, which mostly give them so much concurrent loads or connections that service get unavailable. Many government or non-profit organizations that suffered this kind of attacks, eventually could choose to shutdown their web server and that's it, waiting for these attacks to end. For a DDOs attacks to PBX, I imagine that it would result in telephones getting busy or ringing all the time unstoppably. This kind of attack could really damage any kind organization. Is it possible to do that or are we just in the beginnings?

    Read the article

  • Redundant Router and Load Balancing vs. DDoS attack

    - by colgatta
    With a small server farm at a hoster with great support and conditions, I worry about the increasing number of DDoS attacks against this hoster (not my web project, but other clients on the same location). I have booked a redundant router and load balancer as managed service with this hoster to share the load with all the dedicated servers. However, I was lost again today because another one's project was attacked with DDoS for hours :-( Each hour means hundreds of dollars loss whenever my adserver and tracking is not reachable. Even time-out advertising have to be paid by me but can not be resold to my clients without the servers being available. All the time, the servers, the load and traffic is OK and health, but no chance to keep this stable/online if the hoster is vulnerable. Anyone has ideas or suggestions how to protect - even against DDoS?

    Read the article

  • DDoS nulling to some ips and other options?

    - by Prix
    I am looking for some information in regards DDoS in the follow scenario: I have a server that is behind a Cisco Guard and it will be DDoS'ed, I only care about a set list of IPS that by not means are the attackers. Is it possible to null all other ips but this list to actually get any response to my server or in the long run no matter what I do if they have enough DDoS power I will just go down like a flie ? Is there any recommended company out there that can actually cope with a DDoS ? My server will mainly run several clients that will get connected to a external server and all it needs access to is my local MySQL the the private network so I can access it. There will be no other services runnings such as web or ftp etc at least not to the external ips of the server if i ever have to have any of these service they will be on the private network. The MySQL will be available externally only to 1 safe ip not known by anyone but me and internally at localhost + private network. Are there any solutions ?

    Read the article

  • Concerns about a Dedicated (Windows Server 2008) + DDoS

    - by TheKillerDev
    I am have today a dedicated server with these specs: Intel Core i5 750, 2x120GB (ssd + raid), Windows Server 2008 Web, 200Mbps Network, 24 Gb DD3 And I would like to know what are the best thing I can do to prevent a DDoS Attack, since I know this will be a real threat by the importance of the files that will be archived in it. Today I have apache listening port 80 and RDC listening port 3389. But the security is beeing made only by Windows Firewall. So, any thoughts on what would be good to prevent from DDoS attacks?

    Read the article

  • Why is "googlehosted.com" in the DNS records for our website after signing up for DDOS protection?

    - by Blake Nic
    Recently we had to get some DDOS protection for our website because of the large attacks we were seeing after getting a bit of popularity. We handed over our domain and hosting information to our DDOS protection provider. It worked perfectly but I have a question. On our DNS records we have the Host and Answer and Type. The host has our domain name there. The answer is this: SOMETEXTXXXX.dv.googlehosted.com. And when I copy and paste it into my browser it gives me a 404 error. But our website still loads and functions as it should. I don't understand why it would need this? I asked them about this and they said it is a method for DDOS protection and the other IPs are the reverse proxy (the other IPs give a 404 error too). Can anyone expand on this more please. How does all this tie in together and make the internet browser know where to point the person with all these reverse proxies and stuff I don't understand. Here is an image for reference:

    Read the article

  • How long do DDoS attacks last?

    - by Susan
    I realize the answer to this question will vary, which is why I'm asking it. If you've suffered a DDoS attack before - how long did it last? Just trying to get an idea of how long we'll have to continue to wage this battle (going on a couple weeks now).

    Read the article

  • Brainstorm: Flood/DoS/DDoS Attack prevention ideas.

    - by Gnarly
    This is not a question asking how to stop an attack. This is simply a thread for anyone and everyone to discuss ideas for preventing, dealing with, and keeping your server alive during these attacks. Do not discuss using 3rd party software, this is a place to make your own ideas and read others. Post examples if you'd like. Post ideas how to filter out flood attacks. Post ideas how to keep your server alive while being under a heavy DDoS attack.

    Read the article

  • DNS Server Spoofed Request Amplification DDoS - Prevention

    - by Shackrock
    I've been conducting security scans, and a new one popped up for me: DNS Server Spoofed Request Amplification DDoS The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer which is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server. General Solution: Restrict access to your DNS server from public network or reconfigure it to reject such queries. I'm hosting my own DNS for my website. I'm not sure what the solution is here... I'm really looking for some concrete detailed steps to patch this, but haven't found any yet. Any ideas? CentOS5 with WHM and CPanel. Also see: http://securitytnt.com/dns-amplification-attack/

    Read the article

  • pfSense + DDoS Protection

    - by Jeremy
    I run a gaming community on a colo with a 100Mbps port. I want to buy a very cheap 35 dollar server with the same 100Mbps port, and run pfSense to use as a hardware firewall. I'm dealing with a bunch of 14 year old kids that have access to botnets, so it can become a bit necessary to get something like this. My overall question, is using pfSense on a cheap identical datacenter/port speed server worth it to actually block DDoS attacks? A bit more into detail since I assume you will ask this, the attacks we receive are normally around 1Gbps. We currently run CentOS using CSF Firewall, and even when using a software firewall, we block 500Mbps UDP floods, or just generic attacks pretty easily. Thanks, - Necro

    Read the article

  • Repeated installation of malicious software to do outbound DDOS attack [duplicate]

    - by user224294
    This question already has an answer here: How do I deal with a compromised server? 12 answers We have a Ubuntu Vitual Private Server hosted by a Canadian company. Out VPS was affected to do "outbound DDOS attack" as reported by server security team. There are 4 files in /boot looks like iptable, please note that the capital letter "I","L". VPS:/boot# ls -lha total 1.8M drwx------ 2 root root 4.0K Jun 3 09:25 . drwxr-xr-x 22 root root 4.0K Jun 3 09:25 .. -r----x--x 1 root root 1.1M Jun 3 09:25 .IptabLes -r----x--x 1 root root 706K Jun 3 09:23 .IptabLex -r----x--x 1 root root 33 Jun 3 09:25 IptabLes -r----x--x 1 root root 33 Jun 3 09:23 IptabLex We deleted them. But after a few hours, they appeared again and the attack resumed. We deleted them again. They resurfaced again. So on and so forth. So finally we have to disable our VPS. Please let us know how can we find the malicious script somewhere in the VPS, which can automatically install such attcking software? Thanks.

    Read the article

  • Server currently under DDOS, not sure what to do

    - by Volex
    My web server is currently under a DDOS attack I believe, the messages log is full of these kind of messages: May 13 15:51:19 kernel: nf_conntrack: table full, dropping packet. May 13 15:51:19 last message repeated 9 times May 13 15:51:24 kernel: __ratelimit: 78 callbacks suppressed May 13 15:51:24 kernel: nf_conntrack: table full, dropping packet. May 13 15:52:06 kernel: possible SYN flooding on port 80. Sending cookies. and a netstat has a huge amount of the following: tcp 0 0 my.host.com:http bb176da0.virtua.com.br:4998 SYN_RECV tcp 0 0 my.host.com:http 187.0.43.109:2694 SYN_RECV tcp 0 0 my.host.com:http 109.229.4.145:1722 SYN_RECV tcp 0 0 my.host.com:http 189-84-163-244.sodobr:63267 SYN_RECV tcp 0 0 my.host.com:http bd66839d.virtua.com.br:3469 SYN_RECV tcp 0 0 my.host.com:http 69.101.56.190.dsl.int:52552 SYN_RECV tcp 0 0 my.host.com:http pc-62-230-47-190.cm.vt:2262 SYN_RECV tcp 0 0 my.host.com:http 189-84-163-244.sodobr:63418 SYN_RECV tcp 0 0 my.host.com:http pc-62-230-47-190.cm.vt:1741 SYN_RECV tcp 0 0 my.host.com:http zaq3d739320.zaq.ne.jp:2141 SYN_RECV tcp 0 0 my.host.com:http netacc-gpn-4-80-73.po:52676 SYN_RECV tcpdump shows: 7:11:08.564510 IP 187-4-1xx-4.xxx.ipd.brasiltelecom.net.br.54821 > my.host.com.http: S 999692166:999692166(0) win 65535 <mss 1452,nop,nop,sackOK> 17:11:08.566347 IP 114-44-171-67.dynamic.hinet.net.1129 > my.host.com.http: S 605369055:605369055(0) win 65535 <mss 1440,nop,nop,sackOK> 17:11:08.570210 IP 200-101-13-130.pvoce300.ipd.brasiltelecom.net.br.5590 > my.host.com.http: S 2813379182:2813379182(0) win 16384 <mss 1460,nop,nop,sackOK> 17:11:08.571290 IP dsl-189-143-30-99-dyn.prod-infinitum.com.mx.1615 > my.host.com.http: S 281542700:281542700(0) win 65535 <mss 1452,nop,nop,sackOK> 17:11:08.583847 IP dsl-189-143-30-99-dyn.prod-infinitum.com.mx.1617 > my.host.com.http: S 499413892:499413892(0) win 65535 <mss 1452,nop,nop,sackOK> 17:11:08.588680 IP 170.51.229.112.2569 > my.host.com.http: S 2195084898:2195084898(0) win 65535 <mss 1460,nop,nop,sackOK> 17:11:08.588773 IP gw2-1.211.ru.3180 > my.host.com.http: F 2315901786:2315901786(0) ack 2620913033 win 64240 17:11:08.590656 IP 200-101-13-130.pvoce300.ipd.brasiltelecom.net.br.5614 > my.host.com.http: S 2813715032:2813715032(0) win 16384 <mss 1460,nop,nop,sackOK> 17:11:08.591212 IP 203.82.82.54.15848 > my.host.com.http: S 4070423507:4070423507(0) win 16384 <mss 1400,nop,nop,sackOK> 17:11:08.591254 IP 203.82.82.54.2545 > my.host.com.http: S 1790910784:1790910784(0) win 16384 <mss 1400,nop,nop,sackOK> 17:11:08.591289 IP 203.82.82.54.28306 > my.host.com.http: S 578615626:578615626(0) win 16384 <mss 1400,nop,nop,sackOK> 17:11:08.591591 IP gw2-1.211.ru.3191 > my.host.com.http: F 2316435991:2316435991(0) ack 2634205972 win 64240 17:11:08.591790 IP 200-101-13-130.pvoce300.ipd.brasiltelecom.net.br.5593 > my.host.com.http: S 2813659017:2813659017(0) win 16384 <mss 1460,nop,nop,sackOK> 17:11:08.593691 IP gw2-1.211.ru.3203 > my.host.com.http: F 2316834420:2316834420(0) ack 2629074987 win 64240 I'm not sure what I can do to limit/mitigate this, currently no webpages are being served, any help gratefully appreciated.

    Read the article

  • Using Varnish (only) for DDoS mitigation

    - by Martin Kanters
    My VPS is suffering from a (D)DoS doing a SYN flood with spoofed IPs. I'm right now searching from ways how to be able to defend (at least a bit) against it. It's running a DirectAdmin apache2 webserver. Mainly used for serving PHP and MySQL. We are using CloudFlare, which are saying that they are able to mitigate (D)DoS at some level, now the attacker knows our real IP address, so CloudFlare isn't helping a bit. I've done some searching on the net and found out about enabling SYN cookies, to defend against it. I've checked my settings and it seems it was enabled all along. I've also read about that Varnish is able to defend against SYN flooding and Slowloris attacks, now I'm pretty interested in using that. The thing is that CloudFlare is already caching a lot from us, and I don't wish to spend too much resources on Varnish. Is it possible and smart to set up Varnish only for the better handling of requests? Are there perhaps better ways which I've missed? Thanks in advance, Martin

    Read the article

  • *Simple* way to block DDoS by number of requests

    - by Eduard Luca
    I have 3 Varnish 3.0.2 servers with Apache 2 as backends, which are being load balanced through a HAproxy separate server. I need to find a very simple program (I'm not much of a sysadmin), which blocks requests from an IP, if that IP has made more than X requests in Y seconds. Would something like this be achievable with a simple solution? Right now I have to block all requests manually with iptables.

    Read the article

  • Preventing DDOS/SYN attacks (as far as possible)

    - by Godius
    Recently my CENTOS machine has been under many attacks. I run MRTG and the TCP connections graph shoots up like crazy when an attack is going on. It results in the machine becoming inaccessible. My MRTG graph: mrtg graph This is my current /etc/sysctl.conf config # Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 0 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 1 # Controls whether core dumps will append the PID to the core filename # Useful for debugging multi-threaded applications kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1 # Controls the maximum size of a message, in bytes kernel.msgmnb = 65536 # Controls the default maxmimum size of a mesage queue kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736 # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296 net.ipv4.conf.all.rp_filter = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.all.rp_filter = 1 net.ipv4.tcp_max_syn_backlog = 1280 Futher more in my Iptables file (/etc/sysconfig/iptables ) I only have this setup # Generated by iptables-save v1.3.5 on Mon Feb 14 07:07:31 2011 *filter :INPUT ACCEPT [1139630:287215872] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1222418:555508541] Together with the settings above, there are about 800 IP's blocked via the iptables file by lines like: -A INPUT -s 82.77.119.47 -j DROP These have all been added by my hoster, when Ive emailed them in the past about attacks. Im no expert, but im not sure if this is ideal. My question is, what are some good things to add to the iptables file and possibly other files which would make it harder for the attackers to attack my machine without closing out any non-attacking users. Thanks in advance!

    Read the article

  • How much did it cost our competitor to DDoS us at 50 Gbps for two weeks?

    - by MiniQuark
    I know that this question may sound like an invalid serverfault question, but I believe that it's quite valid: the amount of time and effort that a sysadmin should spend on DDoS protection is a direct function of typical DDoS prices. Let me rephrase this: protecting a web site against small attacks is one thing, but resisting 50 Gbps of UDP flood is another and requires time & money. Deciding whether or not to spend that time & money depends on whether such an attack is likely or not, and this in turn depends on how cheap and simple such an attack is for the attacker. So here's the full story: our company has been victim to a massive DDoS attack (over 50 Gbps of UDP traffic, full-time during 2 weeks). We are pretty sure that it's one of our competitors, and we actually know which one, because we were the only two remaining competitors on a very big request for proposal, and the DDoS attack magically stopped the day we won (double hurray, by the way)! These people have proved in the past that they are very dishonest, but we know that they are not technical at all, so we believe that they simply paid for some botnet DDoS service. I would like to know how much these services typically cost, for such a large scale attack. Please do not give any link to such services, I would really hate to give these people any publicity. I understand that a hacker could very well do this for free, but what's a typical price for such an attack if our competitors paid for it through some kind of botnet service? It is really starting to scare me (if we're talking thousands of dollars here, then I am really going to freak off: who knows, they might just hire a hit-man one day?). Of course we filed a complaint, but the police says that they cannot do much about it (DDoS attacks are virtually untraceable, so they say), and our suspicions are not enough to justify them raiding our competitor's offices to search for proofs. For your information, we now changed our infrastructure to be able to sustain such attacks: we now use a major CDN service so that our servers are not directly affected by DDoS attacks. Requests for dynamic pages do get proxied to our servers, but for low level attacks (UDP flood, or Syn floods, for example) we only receive legitimate trafic, so we're fine. If they decide to launch higher level attacks (HTTP flood or slowloris attacks for example), most of the load should be handled by the CDN... at least I hope so! Thank you very much for your help.

    Read the article

  • Looking for DOS/DDOS protection tools and strategies

    - by Alexandre Victoor
    I am working on a java application that exposes webservices for a flash client. Any idea on how to prevent DOS/DDOS attacks ? I cannot use mechanism unfriendly for the end user such as captcha. So far I have found mod_evasive, an apache module which looks quite promising... Any suggestions, best practices, tools I might use ? Thanks in advance

    Read the article

  • What advantages does mod_evasive have over mod_security2 in terms of DDOS protection?

    - by Martynas Sušinskas
    Good day, I'm running an Apache2 server in front of a Tomcat and I need to implement a DDOS protection mechanism on the Apache2 layer. I have two candidates: mod_evasive and mod_security2 with the OWASP core rule set. Mod_security is already installed for overall protection, but the question is: is it worth adding mod_evasive besides mod_security just for the DDOS (does it have any major advantages) or the OWASP crs rules in the /experimental_rules/ directory (modsecurity_crs_11_dos_protection.conf) provide the same protection? Or it's just a matter of preference? The sites are not very high traffic normally. Thank you for your answers, Martynas

    Read the article

  • How do i mitigate DDOS attacks on static servers?

    - by acidzombie24
    Here is a slightly different take on DDOS attacks. Rather than a server with dynamic content being attack i was curious how to deal with attacks on servers with STATIC CONTENT. This means cpu tends to not be an issue. Its either bandwidth or connection problems. How would i mitigate a DDOS attack knowing nothing about the attacker (for example country, ip address or anything else). I was wondering is shorting the timeout and increasing amount of connections is an acceptable solution? Or maybe that is completely useless? Also i would limit the amount of connections per IP address. Would the above help or be pointless? Keeping in mind everything is static checking for multiple request of the same page (html, css, js, etc) could be a sign of a attack. What are some measures i can take on a static content server?

    Read the article

1 2 3 4 5 6  | Next Page >