Thread: Protecting Yourself From a DDOS Attack?

  1. #1
    Senior Member Hostexc
    Join Date
    Jan 2005
    Posts
    133

    Protecting Yourself From a DDOS Attack?

    I was wondering if there was anything I can install on my dedicated server to prevent DDoS attacks from taking down the server, causing downtime.
    Wanted to know what other hosts had to say on the situation and what they have done.

  2. #2
    Always moving.. James
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    1,963
    It's not software which will block these attacks. And you can filter out bit by bit, but that only does so much.

    The least you can do is install a hardware firewall. When things get bad, you need a security expert.

    You might be better off asking somebody who may have the knowledge on how to temporarily deal with DDOS on your server. If you don't know much about it though, better not to try.

  3. #3
    Wo ist mein handy utcrazy
    Join Date
    Jul 2005
    Location
    Toronto
    Posts
    2,891
    I recommend BFD and APF at the very least for firewalls; it's pretty easy stuff to do. If you want real security, get the server hardened by a company.

  4. #4
    ServerOrigin.Com serverorigin
    Join Date
    Jun 2006
    Location
    Oxford, MS
    Posts
    1,158
    In either case. Harden the server all you want, if you want to stop the DDOS attacks you need a datacenter prepared for them. I invite anyone to show me successful server uptimes with attacks like these I will list below. ECSPortal receives these attacks on a daily basis by the hundreds. Our uptime has been 99.5% for the last year minus updates/reboots.

    Here are a few from just the last few days:
    Attack Destination: 72.20.21.21
    Start Time: [Mon Sep 18 15:30:48 2006]
    End Time: [Mon Sep 18 15:31:00 2006]
    Rate: 3,102,234 KiloBits Per Second

    Attack Destination: 72.20.21.18
    Start Time: [Mon Sep 18 15:31:20 2006]
    End Time: [Mon Sep 18 15:31:32 2006]
    Rate: 3,291,081 KiloBits Per Second

    Attack Destination: 72.20.21.28
    Start Time: [Tue Sep 19 05:37:44 2006]
    End Time: [Tue Sep 19 07:14:08 2006]
    Rate: 125,883 KiloBits Per Second

    Attack Destination: 72.20.21.28
    Start Time: [Fri Sep 22 03:59:20 2006]
    End Time: [Fri Sep 22 04:00:16 2006]
    Rate: 170,353 KiloBits Per Second

    Attack Destination: 72.20.21.28
    Start Time: [Mon Sep 25 09:09:40 2006]
    End Time: [Mon Sep 25 09:09:40 2006]
    Rate: 45,334 KiloBits Per Second

    Attack Destination: 72.20.21.28
    Start Time: [Mon Sep 25 10:46:32 2006]
    End Time: [Mon Sep 25 10:46:40 2006]
    Rate: 290,709 KiloBits Per Second

    Attack Destination: 72.20.21.21
    Start Time: [Mon Sep 25 15:14:12 2006]
    End Time: [Mon Sep 25 15:14:28 2006]
    Rate: 4,619,860 Packets Per Second

    Attack Destination: 72.20.21.18
    Start Time: [Mon Sep 25 15:15:12 2006]
    End Time: [Mon Sep 25 15:15:24 2006]
    Rate: 1,860,494 Packets Per Second

    If you feel you will / are receiving massive attacks by not just a few IP addresses (bot attacks), I would recommend Staminus.net/Gigeservers. We have been itching to try some of the Cisco Guard / Arbornet stuff with ThePlanet but prior testing has shown that most custom configured Linux based routers will eat Cisco alive as a firewall device. The biggest issue is that many datacenters/providers put DDOS protection on a slight backburner. This is exactly why they do not allow IRC/IRCd hosting in most datacenters. (Fastservers.net - perfect example. When we went to them about DDOS protected servers... They said, "Oh we aren't capable of handling large scale attacks and anyone needing to run IRC where you may attract those kinds of attacks... We'd say go to Staminus".)

    Now in these cases you have to take into mind what kind of site you are running. If you have a site with Warez/Porn/Script Kiddies/Proxies, you most definitely better have good DDOS protection. If your server will be running normal business customers etc., any datacenter should be fine and just install APF/BFD.

    If you want this kind of protection, it will come with a pricetag though.
    Last edited by serverorigin; September 26th, 2006 at 23:51.

  5. #5
    ServerOrigin.Com serverorigin
    Join Date
    Jun 2006
    Location
    Oxford, MS
    Posts
    1,158
    Did forget to mention though:

    On a server side of things you can install:
    APF/BFD/Mod_Evasive
    ModSec/Dos-Deflate

    Although, without knowledgeable configuration of these... they are not nearly as effective. Also, the issue with server side protection in most cases is that by the time the server is hit, it is so bogged down the cron jobs won't even run... If they do, they can't scan the log files from the already massive load of trying to distinguish packets and going through connections of 1k+ via netstat or however it may pull the connection info.

    A perfect example would be, a VPS we had hosted at an Internap facility which has "ddos protection" but very minimal. Even though the VPS was unmanaged we installed APF/BFD/Mod-Evasive/ModSec and a custom configuration on the node due to the amount of traffic/attacks this forum was receiving on a daily basis. The problem still came down to the fact that the VPS or the node didn't have the power to block large scale attacks. I see many hosts here offering 'DDOS Protection' but I would do some research first as to where their datacenter is and really what kind of experience they have in DDOS Mitigation. 9/10 situations though, not to down folks on what they call DDOS protection but many companies have NO IDEA what real DDOS attacks can do and never had one. Until they do, they shouldn't offer DDOS Protection. The attacks I listed above are some of the smaller ones we have had over time, and just those kinds of attacks from 1-3 machines can lock up a server with just software related protection. I would also suggest doing some searching on WHT for more information. Good luck in your search.
    Last edited by serverorigin; September 27th, 2006 at 00:15.
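
The per-source connection count that the netstat-based server-side checks described above rely on, as an added example that is not part of the original post and not the code of any tool named in the thread. The function names, the sample capture and the limit values are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data is constructed and uses
# documentation address ranges (RFC 5737, RFC 3849).

# Read `netstat -ntu` style output on stdin and print "COUNT ADDRESS" for
# every remote peer, busiest first.
count_conns_per_ip() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {                 # socket rows only, skips headers
            if ($6 == "LISTEN") next           # listening sockets have no peer
            addr = $5                          # foreign address column
            sub(/:[^:]*$/, "", addr)           # strip the port, IPv6-safe
            sub(/^::ffff:/, "", addr)          # fold IPv4-mapped IPv6 into IPv4
            if (addr == "127.0.0.1" || addr == "::1") next   # loopback
            if (addr == "0.0.0.0" || addr == "::") next      # unconnected UDP
            count[addr]++
        }
        END { for (a in count) print count[a], a }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Print only the peers holding more than LIMIT connections.
# LIMIT must be a whole number; anything else is refused with status 2.
flag_over_limit() {
    limit=$1
    case $limit in
        ''|*[!0-9]*) echo "limit must be a whole number" >&2; return 2 ;;
    esac
    count_conns_per_ip | awk -v max="$limit" '$1 + 0 > max + 0 { print $2 }'
}

# Constructed capture: one noisy source, one normal client seen over both
# IPv4 and IPv4-mapped IPv6, local database traffic, and an idle UDP socket.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40115      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:51000       ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:45012         ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:443   ::ffff:203.0.113.9:51001 TIME_WAIT
tcp6       0      0 2001:db8::10:443        2001:db8::bad:33000     ESTABLISHED
udp        0      0 192.0.2.10:53           0.0.0.0:*
EOF
}

# Live use would be: netstat -ntu | flag_over_limit 150   (150 is an assumed limit)
sample_netstat | flag_over_limit 3
```

A check like this only sees traffic that has already reached the host's connection table, so it does not help once the link itself is saturated.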

  6. #6
    b& hadrick
    Join Date
    Sep 2006
    Posts
    3
    Quote: Originally Posted by Hostexc
    I was wondering if there was anything I can install on my dedicated server to prevent DDoS attacks from taking down the server, causing downtime.
    Wanted to know what other hosts had to say on the situation and what they have done.
    Did you try using Dos Deflate? It really works good and small software, that's why takes little load. I think you should try it. Search on Google with ddos.sh and select the first result

    Regards

  7. #7
    Senior Member JodoHost
    Join Date
    Sep 2003
    Posts
    245
    Quote: Originally Posted by ecsportal
    Attack Destination: 72.20.21.18
    Start Time: [Mon Sep 18 15:31:20 2006]
    End Time: [Mon Sep 18 15:31:32 2006]
    Rate: 3,291,081 KiloBits Per Second

    You had a DDOS attack of 3.2 gbps hit you?
    Well.. I really do not know what you are talking about. Almost no CISCO router would be able to handle that. A juniper might.

    DDOS mitigation equipment that can handle such a large attack is priced at close to $100K.

    Also, getting 3.2gbps of traffic must be very expensive. I wonder what network provider would allow that to keep flowing. Good network providers such as InterNAP will temporarily shut down incoming traffic so you do not get charged a huge amount of money.

  8. #8
    ServerOrigin.Com serverorigin
    Join Date
    Jun 2006
    Location
    Oxford, MS
    Posts
    1,158
    Staminus.Net handles all of it. They run only linux based routers and that is why they can handle it otherwise most Cisco routers would dump with that kind of load.

    This traffic is never charged to us as it is blocked.

    Actually larger than that at times... But you also must keep in mind some of this traffic will get queued and come in a burst that may seem larger than it would normally be. These are as close as it gets to the actual traffic incoming. Here is our log since September:
    Last edited by serverorigin; October 10th, 2006 at 00:48.

  9. #9
    FWS Addict ganesh.rao
    Join Date
    Jun 2006
    Location
    www.InfiniteTech.eu
    Posts
    678
    Wow, that's hard to prevent. One host I know of that gets regular DDoS blows is Dedihostplus.com. He gets about 3-5Gbps every day!

    Ask them how to prevent it!


  10. #10
    reminds me why we don't host questionable content haha

  11. #11
    ServerOrigin.Com serverorigin
    Join Date
    Jun 2006
    Location
    Oxford, MS
    Posts
    1,158
    hehe that's why there is a market though. Someone has to do it. Course, we host tons of IRCd servers which is where the DDOS attacks come from.

  12. #12
    b& Darknight
    Join Date
    Nov 2006
    Location
    The Best Country
    Posts
    4,086
    Quote: Originally Posted by serverorigin
    In either case. Harden the server all you want, if you want to stop the DDOS attacks you need a datacenter prepared for them. I invite anyone to show me successful server uptimes with attacks like these I will list below. ECSPortal receives these attacks on a daily basis by the hundreds. Our uptime has been 99.5% for the last year minus updates/reboots.

    If you feel you will / are receiving massive attacks by not just a few IP addresses (bot attacks), I would recommend Staminus.net/Gigeservers. We have been itching to try some of the Cisco Guard / Arbornet stuff with ThePlanet but prior testing has shown that most custom configured Linux based routers will eat Cisco alive as a firewall device. The biggest issue is that many datacenters/providers put DDOS protection on a slight backburner. This is exactly why they do not allow IRC/IRCd hosting in most datacenters. (Fastservers.net - perfect example. When we went to them about DDOS protected servers... They said, "Oh we aren't capable of handling large scale attacks and anyone needing to run IRC where you may attract those kinds of attacks... We'd say go to Staminus".)

    Now in these cases you have to take into mind what kind of site you are running. If you have a site with Warez/Porn/Script Kiddies/Proxies, you most definitely better have good DDOS protection. If your server will be running normal business customers etc., any datacenter should be fine and just install APF/BFD.

    If you want this kind of protection, it will come with a pricetag though.
    Oi you
    http://www.freewebspace.net/forums/s....php?t=2177410
    I suggest fixing this.
    Last edited by Darknight; November 20th, 2006 at 12:06.

  13. #13
    underg you have dug up like 15 ancient threads recently. check the dates on the posts before responding to them

  14. #14
    b& Darknight
    Join Date
    Nov 2006
    Location
    The Best Country
    Posts
    4,086
    ok...
    if you say so
    PS this is not what I really think, I just think it's easier to reply with what I did

  15. #15
    FWS Addict ganesh.rao
    Join Date
    Jun 2006
    Location
    www.InfiniteTech.eu
    Posts
    678
    Did you try using Dos Deflate? It really works good and small software, that's why takes little load. I think you should try it. Search on Google with ddos.sh and select the first result

    Regards
    Hadrick thanks. I need something like this for small DDoS attacks.
