Server Security - DDoS attacks


lpxxfaintxx
04-25-2006, 06:18 PM
How would you protect your server from DDoS attacks? I am new at this kind of stuff and I am curious...

Tyler
04-26-2006, 03:39 AM
I'm no expert at managing servers though I do have some prior hacking/linux type based experience in the good ol' days. If memory serves me correctly, and if things haven't changed all that much... I believe there is not much you can do to stop these types of attacks. If someone really wants to do it then they will. You can only really try and stop the effects of the attacks.

lpxxfaintxx
04-26-2006, 06:45 PM
Oh, well I've heard of custom programs and firewalls. Like aplus.net and other dedicated server providers.

xMerCLorDx
04-26-2006, 07:38 PM
- Don't make enemies.
- Don't promote immoral, unethical, sectarian, political, inhumane, anti-intellectual property products or services.

The list can continue, even to things you assume are good. Just don't piss off the wrong nerd.

A way to beat them to it if you know who is against your organization is to research the person and take control of their botnet before they tell it to kill your server.

Or the aftermath approach: take the server down, analyze all your logs and determine which sequences were of a DDoS style, and ban all those IPs when you associate your server with a new IP and/or hosting service.
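
The log-analysis step described in the post above (find the DDoS-style request pattern in the logs, then ban its sources), as an added example that is not from this thread: it parses Common Log Format access-log lines, flags any IP whose request count inside a sliding time window exceeds a threshold, and renders the result as iptables DROP rules. The log lines, window and threshold are constructed for illustration; as later posts in the thread point out, a ban list only helps if the link itself is not already saturated.

```python
"""Added example (not from the thread): flag DDoS-style request bursts in an
access log and emit a ban list.  Log lines, window and threshold are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format prefix: client IP ... [28/Apr/2006:01:50:00 +0000]
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(lines):
    """Yield (ip, timestamp) for every line that matches the log prefix."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)

def flood_sources(lines, window=timedelta(seconds=10), threshold=50):
    """Map each IP whose request count inside any sliding `window`
    exceeds `threshold` to its largest burst size (the 'DDoS-style sequence')."""
    per_ip = defaultdict(list)
    for ip, ts in parse(lines):
        per_ip[ip].append(ts)
    offenders = {}
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # slide the window forward
                start += 1
            burst = end - start + 1
            if burst > threshold:
                offenders[ip] = max(offenders.get(ip, 0), burst)
    return offenders

def ban_rules(offenders):
    """Render the ban list as iptables DROP rules, one per offending IP."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(offenders)]

def _sample_log():
    """Constructed log: one host hitting / 200 times in 5 s, one normal visitor."""
    base = datetime(2006, 4, 28, 1, 50, 0, tzinfo=timezone.utc)
    lines = [f'10.0.0.7 - - [{(base + timedelta(milliseconds=25 * i)).strftime(TS_FMT)}] '
             f'"GET / HTTP/1.0" 200 512' for i in range(200)]
    lines += [f'192.0.2.5 - - [{(base + timedelta(seconds=60 * i)).strftime(TS_FMT)}] '
              f'"GET /forum HTTP/1.0" 200 2048' for i in range(5)]
    return lines

SAMPLE_LOG = _sample_log()   # flood_sources(SAMPLE_LOG) -> {'10.0.0.7': 200}
```

Running `ban_rules(flood_sources(SAMPLE_LOG))` yields a single rule for 10.0.0.7; the normal visitor never exceeds one request per window and is left alone.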

Tyler
04-26-2006, 08:18 PM
Oh, well I've heard of custom programs and firewalls. Like aplus.net and other dedicated server providers.

Yeah, you can go the firewall route, and it does help to a degree if properly configured. But again, if they really want to they will.

lpxxfaintxx
04-27-2006, 06:43 AM
Oh, thanks for the replies.

Don't make enemies.

Some people attack just for fun :(

Jason425
04-27-2006, 10:46 PM
Get a beefy server!

The advice about banning DDoS IPs is probably the best if you already have a good firewall.

james
04-28-2006, 01:50 AM
A firewall isn't going to help against a DDoS. If packets are getting through to your pipe, even if you are denying them, your pipe is going to be getting filled with data and become useless. Further, your firewall hardware may become overburdened by the size and number of packets coming in over the network, which can kill it. With a DoS attack, you can generally call the ISP of the source and get them cut off. This becomes infinitely more difficult in the distributed scenario.

Jason425
04-28-2006, 11:49 AM
and especially if they're overseas in a 3rd world country

xMerCLorDx
04-28-2006, 02:20 PM
With a DoS attack, you can generally call the ISP of the source and get them cut off. This becomes infinitely more difficult in the distributed scenario.

I don't see how you could do this in real time, unless it was only a single attacker. If a DDoS hit you it would take a long time to analyze the logs and determine what sequence the attack was working on.

Even if you were adept, determining that sequence may be faster, but you'd still have to find the sources of the IPs and call the ISPs who own the IP blocks. These calls may take tens of minutes or longer on hold and whatnot. The entire time, your firewall's buffer and your bandwidth are reaching critical mass.

and especially if they're overseas in a 3rd world country

Are you saying that ISPs overseas are less responsible for malicious activities of their clients?

Jason425
04-28-2006, 03:37 PM
No - they just are less likely to respond than a more modernized country/ISP.

xMerCLorDx
04-28-2006, 04:19 PM
Or maybe the service would be expedited as there isn't bureaucratic overhead?

james
04-28-2006, 10:08 PM
With a DoS attack, you can generally call the ISP of the source and get them cut off. This becomes infinitely more difficult in the distributed scenario.

I don't see how you could do this in real time, unless it was only a single attacker. If a DDoS hit you it would take a long time to analyze the logs and determine what sequence the attack was working on.

That's exactly what I said. DoS is a single-source attack; DDoS is multiple-source. A DoS would be possible to cut off, a DDoS would be impossible.

xMerCLorDx
04-28-2006, 10:19 PM
impossible != infinitely more difficult

lpxxfaintxx
04-29-2006, 05:56 AM
Well, I know a forum that is getting DDoSed (still going, and it's been 2 weeks). The problem is, we think the attacker lives in either China or Russia...

james
04-29-2006, 11:02 PM
impossible != infinitely more difficult

Actually, I think that is precisely what is meant by impossible. If you mean "difficult for some n>=N, s.t. N is not worth doing" then yea, != applies ;P