What Do You Use For Ddos Protection

[proskater123]

So I was reading a forum about DDoS protection. Someone had mentioned DDoS Deflate. Is it worth installing? What do you use for DDoS protection if anything?

[Mr-Protocol]

Protection of a hosted webserver or home server?

[proskater123]

Either I guess.

[Mr-Protocol]

For home: Change IP address and don't point a domain name or DNS at it for a while until they give up. Or just unplug your modem for a few hours and go outside :P

Hosted servers: Take down the server temporarily. Call hosting company to notify them, but be careful. They could suspend or cancel your account for harmful activities brought towards their servers. Check your ToS.

[bobbyb1980]

Get the IP(s) of the attacker(s), add them to /etc/hosts.deny or if you're using APF you could do "apf -d 207.96.146.43" ?

Should probably deny traffic from offending IP's at the router via the same methods depending on the firmware.

Check the logs for whichever service is being ddos'd to get the offending IP.

Edited June 14, 2012 by bobbyb1980

[Radau]

I know pfSense does a pretty good job at stopping average attacks combined with the Snort plugin and a proper firewall with honeypots set up on various ports. Haven't had any try to DDOS me on a large scale yet, can't say that I want them to either :P . You shouldn't have any problems though unless you're attracting the wrong kind of attention.. like by hosting a Garry's Mod Dark RP server, gah.

[digip]

Try something like Cloudflare if hosting a site, but if from home, just dhcp up a new IP from your ISP. Either unplug the modem for more than 15 minutes, or if you have a router between you and the modem, use mac address cloning, change the routers outside facing mac address, and reboot the modem. Will assign you a new IP since the old one will be leased to a different mac address and then they will be hitting nothing.

[Infiltrator]

+1 to Cloudflare, a cloud service that I would definitely recommend to minimize the effects of DDOS.

Also taking measures, such as changing your IP address, blocking the offending IP address and leasing another line will help minimize the DDOS effects.

[digip]

Also, having redundant round robin DNS, and fail over routing. But thats more internal corporate lans and wans for businesses, load balancing, etc. Home users usually aren't going to need this.

[Infiltrator]

Home users usually aren't going to need this.

Not to mention the costs involved in purchasing and configuring of the equipments.

It would be a bit of an overkill for a home user.

[izatt82]

As much bandwidth as you can afford and or a clustered system with an IPS system outside of your edge. Really need more info as to where this would be and how it would be used.

[R3verse]

Dear sir,

Which type of server, are you running?

Because if you are running Apache, I got some nifty tips for you ;)

Sincerely,

R3verse.

[digip]

Dear sir,

Which type of server, are you running?

Because if you are running Apache, I got some nifty tips for you ;)

Sincerely,

R3verse.

Why not just have posted them stating, here is what you can try with Apache...or do you not like to share with the rest of us on the playground? Thats ok. I'll keep my toys buried over here in the sandbox...

[ihackforfun]

So I was reading a forum about DDoS protection. Someone had mentioned DDoS Deflate. Is it worth installing? What do you use for DDoS protection if anything?

I just published an article on DOS and DDOS in PenTest Magazine, here is a small part of the mitigation I discussed in the artice (another part of the article can be found on www.ihackforfun.eu without cost). The text makes nore sense if you read the complete article since I did not only cover website/webserver DOS and DDOS attacks but also network equipment and real world DOS attacks ...

It is very hard to defend a web service or web application

against every possible DOS attack. It is however possible

to mitigate a large number of attacks. Most of the

mitigation will be happening on the network equipment.

Some of the techniques used are traffic shaping (e.g.

there is a limited amount of bandwidth for each specific

IP address), request analysis (e.g. drop requests that are

malformed), blacklisting/whitelisting (i.e. banning IP addresses

that show clear evil intent or only allow IP addresses

from known good parties) etc. For websites it is

possible to separate static content from other content by

using CDN (content delivery networks), this will prevent

the picture loading attack from bringing down your web

application, the only visible effect will be that for legitimate

users the picture will not show but the rest of your

web application will work as expected. Some of these

mitigations are harmful in themselves, for example blacklisting

of evil IP addresses will stop the attack from a botnet

but will also prevent every computer in the botnet to

reach your website and could be preventing customers

to reach your web shop. Many of these mitigations fail to

point to the real attacker. Mitigation of DOS attacks might

require a significant investment that might be too high for

small to medium sized companies. These investments

include extra load balancers and higher bandwidth connections.

For large companies there is even a service

from Arbor Networks that will help in mitigating DOS attacks.

For those attacks where servers that are not configured

correctly are used, you can contact the server administrator

and hope he corrects the settings. This will of

course only help after the attack happened but it will prevent

that server from being used in subsequent attacks.