#1
04-25-2006, 07:18 PM
lpxxfaintxx
Server Security - DDoS attacks

How would you protect your server from DDoS attacks? I am new to this kind of stuff and I am curious.

#2
04-26-2006, 04:39 AM
Tyler

I'm no expert at managing servers, though I do have some prior hacking/Linux type experience from the good ol' days. If memory serves me correctly, and if things haven't changed all that much... I believe there is not much you can do to stop these types of attacks. If someone really wants to do it then they will. You can only really try and stop the effects of the attacks.
__________________
Microsoft believes in making computing easier! What could be easier for consumers than having only ONE choice of software?!?

#3
04-26-2006, 07:45 PM
lpxxfaintxx

Oh, well I've heard of custom programs and firewalls. Like aplus.net and other dedicated server providers.

#4
04-26-2006, 08:38 PM
xMerCLorDx

- Don't make enemies.
- Don't promote immoral, unethical, sectarian, political, inhumane, anti-intellectual property products or services.

The list can continue, even to things you assume are good. Just don't piss off the wrong nerd.

A way to beat them to it if you know who is against your organization is to research the person and take control of their botnet before they tell it to kill your server.

Or the aftermath approach: take the server down, analyze all your logs and determine which sequences were of a DDoS style, and ban all those IPs when you associate your server to a new IP and/or hosting service.

#5
04-26-2006, 09:18 PM
Tyler

Quote:
Originally Posted by lpxxfaintxx
Oh, well I've heard of custom programs and firewalls. Like aplus.net and other dedicated server providers.

Yeah, you can go the firewall route, and it does help to a degree if properly configured. But again, if they really want to they will.

#6
04-27-2006, 07:43 AM
lpxxfaintxx

Oh, thanks for the replies.

Quote:
Don't make enemies.

Some people attack just for fun.

#7
04-27-2006, 11:46 PM
Jason425

Get a beefy server!

The advice about banning DDoS IPs is probably the best if you already have a good firewall.
__________________
Dell Inspiron 1420 in Midnight Blue - Intel Core2Duo T7300 2.0GHZ/4MB - 2GB Ram - Nvidia 8400 GS 128mb - DVD/RW - 160GB 7200RPM - 14.1" Antiglare - Intel 4965AGN - Bluetooth 2.0 - 2MP Webcam - Vista Home Premium
2005 Mazda3i in Strato Blue
http://www.jasondsmith.net

#8
04-28-2006, 02:50 AM
james

A firewall isn't going to help against a DDoS. If packets are getting through to your pipe, even if you are denying them, your pipe is going to be getting filled with data and become useless. Further, your firewall hardware may become overburdened; the size and number of packets coming in over the network can kill it. With a DOS attack, you can generally call the ISP of the source and get them cut off. This becomes infinitely more difficult in the distributed scenario.

#9
04-28-2006, 12:49 PM
Jason425

And especially if they're overseas in a 3rd world country.

#10
04-28-2006, 03:20 PM
xMerCLorDx

Quote:
Originally Posted by James
With a DOS attack, you can generally call the ISP of the source and get them cut off. This becomes infinitely more difficult in the distributed scenario

I don't see how you could do this in realtime, unless it was only a single attacker. If a DDoS hit you, it would take a long time to analyze the logs and determine what sequence the attack was working on.

Even if you were adept, determining that sequence may be faster, but you'd still have to find the sources of the IPs and call the ISPs who own the IP blocks. These calls may take tens of minutes or longer on hold and whatnot. The entire time, your firewall's buffer and your bandwidth are reaching critical mass.

Quote:
Originally Posted by Jason425
and especially if they're overseas in a 3rd world country

Are you saying that ISPs overseas are less responsible for malicious activities of their clients?
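
The after-the-fact log analysis that posts #4 and #10 talk about, as an added example that is not part of any post in this thread: it finds each client's peak request rate in a sliding window and groups the sources over a threshold by network, giving a ban list and a per-block list for abuse reports. It assumes a time-ordered access log in Common Log Format; the 10-second window, the threshold of 20 and the /24 grouping (a stand-in for a whois lookup of the owning block) are illustrative assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Common Log Format prefix: client IP, ident, user, [timestamp]
LINE_RE = re.compile(r"^(\S+) \S+ \S+ \[([^\]]+)\]")
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def peak_rates(lines, window=timedelta(seconds=10)):
    """Map each client IP to its highest request count in any sliding window."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line
        try:
            ip = str(ip_address(m.group(1)))
            ts = datetime.strptime(m.group(2), TS_FORMAT)
        except ValueError:
            continue  # malformed address or timestamp
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop requests older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)

def ban_candidates(lines, threshold=20, prefix=24):
    """Group IPs whose peak rate reaches the threshold by /prefix network.
    Threshold and prefix are assumptions to tune per site (IPv4 in mind)."""
    blocks = defaultdict(list)
    for ip, rate in peak_rates(lines).items():
        if rate >= threshold:
            blocks[str(ip_network(f"{ip}/{prefix}", strict=False))].append(ip)
    return {net: sorted(ips, key=ip_address) for net, ips in blocks.items()}

def sample_log():
    """Constructed log: two flooding sources in one /24, one normal client."""
    start = datetime(2006, 4, 26, 20, 0, 0, tzinfo=timezone.utc)
    rows = []
    for i in range(30):
        stamp = (start + timedelta(seconds=i)).strftime(TS_FORMAT)
        clients = ["203.0.113.7"] * 5 + ["203.0.113.9"] * 3
        if i % 5 == 0:
            clients.append("198.51.100.20")  # one request every 5 seconds
        rows += [f'{ip} - - [{stamp}] "GET / HTTP/1.1" 200 512' for ip in clients]
    return rows
```

Calling `ban_candidates(sample_log())` returns the flagged addresses keyed by network; the occasional client stays off the list because its peak rate is far below the threshold.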