proskater123 Posted June 13, 2012

So I was reading a forum about DDoS protection. Someone had mentioned DDoS Deflate. Is it worth installing? What do you use for DDoS protection if anything?

Mr-Protocol Posted June 13, 2012

Protection of a hosted webserver or home server?

proskater123 Posted June 14, 2012

Either I guess.

Mr-Protocol Posted June 14, 2012

For home: Change IP address and don't point a domain name or DNS at it for a while until they give up. Or just unplug your modem for a few hours and go outside :P

Hosted servers: Take down the server temporarily. Call hosting company to notify them, but be careful. They could suspend or cancel your account for harmful activities brought towards their servers. Check your ToS.

bobbyb1980 Posted June 14, 2012 (edited)

Get the IP(s) of the attacker(s), add them to /etc/hosts.deny or if you're using APF you could do "apf -d 207.96.146.43" ? Should probably deny traffic from offending IPs at the router via the same methods depending on the firmware. Check the logs for whichever service is being ddos'd to get the offending IP.

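Added example, not part of bobbyb1980's post: one way to pull candidate offending addresses out of a web access log with a per-IP sliding window, then print them in the `apf -d` form quoted above for an operator to review. The log format, thresholds, allowlist and sample lines are assumptions; the sample addresses are constructed from documentation ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Apache/nginx "combined"-style format (assumed format).
SAMPLE_LOG = "\n".join(
    # 30 requests in 30 seconds from one source
    [f'203.0.113.7 - - [14/Jun/2012:10:00:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
     for s in range(30)]
    # 5 requests spread over 5 minutes: ordinary visitor
    + [f'198.51.100.20 - - [14/Jun/2012:10:0{m}:05 +0000] "GET /a HTTP/1.1" 200 512'
       for m in range(5)]
    # 40 requests in one second, e.g. an internal monitoring host
    + ['192.0.2.10 - - [14/Jun/2012:10:00:01 +0000] "GET /health HTTP/1.1" 200 2'] * 40
    + ["truncated or malformed line"]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def offending_ips(log_text, max_requests=20, window=timedelta(seconds=60), allowlist=()):
    """Return {ip: peak count} for IPs that exceed max_requests inside any
    sliding window. Entries must be in time order per IP, as in a normal log."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines instead of guessing
        ip, stamp = m.groups()
        if ip in allowlist:
            continue              # never propose blocking known-good sources
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def deny_commands(peaks):
    """Format flagged IPs as APF deny commands for manual review."""
    return [f"apf -d {ip}" for ip in sorted(peaks)]

if __name__ == "__main__":
    for cmd in deny_commands(offending_ips(SAMPLE_LOG, allowlist={"192.0.2.10"})):
        print(cmd)
```

/etc/hosts.deny is only consulted by services that use TCP wrappers, which is why the output uses the firewall form; review the list before applying it, since a busy proxy or NAT address can look like a single noisy client.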
Radau Posted June 14, 2012

I know pfSense does a pretty good job at stopping average attacks combined with the Snort plugin and a proper firewall with honeypots set up on various ports. Haven't had any try to DDOS me on a large scale yet, can't say that I want them to either :P . You shouldn't have any problems though unless you're attracting the wrong kind of attention.. like by hosting a Garry's Mod Dark RP server, gah.

digip Posted June 14, 2012

Try something like Cloudflare if hosting a site, but if from home, just dhcp up a new IP from your ISP. Either unplug the modem for more than 15 minutes, or if you have a router between you and the modem, use MAC address cloning, change the router's outside-facing MAC address, and reboot the modem. Will assign you a new IP since the old one will be leased to a different MAC address and then they will be hitting nothing.

Infiltrator Posted June 15, 2012

+1 to Cloudflare, a cloud service that I would definitely recommend to minimize the effects of DDOS. Also taking measures, such as changing your IP address, blocking the offending IP address and leasing another line will help minimize the DDOS effects.

digip Posted June 15, 2012

Also, having redundant round robin DNS, and fail over routing. But that's more internal corporate LANs and WANs for businesses, load balancing, etc. Home users usually aren't going to need this.

Infiltrator Posted June 16, 2012

"Home users usually aren't going to need this."

Not to mention the costs involved in purchasing and configuring of the equipment. It would be a bit of an overkill for a home user.

izatt82 Posted June 27, 2012

As much bandwidth as you can afford and/or a clustered system with an IPS system outside of your edge. Really need more info as to where this would be and how it would be used.

R3verse Posted June 27, 2012

Dear sir,

Which type of server are you running? Because if you are running Apache, I got some nifty tips for you ;)

Sincerely, R3verse.

digip Posted June 27, 2012

"Dear sir, Which type of server are you running? Because if you are running Apache, I got some nifty tips for you ;) Sincerely, R3verse."

Why not just have posted them stating, here is what you can try with Apache...or do you not like to share with the rest of us on the playground? That's ok. I'll keep my toys buried over here in the sandbox...

ihackforfun Posted July 6, 2012

"So I was reading a forum about DDoS protection. Someone had mentioned DDoS Deflate. Is it worth installing? What do you use for DDoS protection if anything?"

I just published an article on DOS and DDOS in PenTest Magazine, here is a small part of the mitigation I discussed in the article (another part of the article can be found on www.ihackforfun.eu without cost). The text makes more sense if you read the complete article since I did not only cover website/webserver DOS and DDOS attacks but also network equipment and real world DOS attacks ...

It is very hard to defend a web service or web application against every possible DOS attack. It is however possible to mitigate a large number of attacks. Most of the mitigation will be happening on the network equipment. Some of the techniques used are traffic shaping (e.g. there is a limited amount of bandwidth for each specific IP address), request analysis (e.g. drop requests that are malformed), blacklisting/whitelisting (i.e. banning IP addresses that show clear evil intent or only allow IP addresses from known good parties) etc.

For websites it is possible to separate static content from other content by using CDN (content delivery networks), this will prevent the picture loading attack from bringing down your web application, the only visible effect will be that for legitimate users the picture will not show but the rest of your web application will work as expected.

Some of these mitigations are harmful in themselves, for example blacklisting of evil IP addresses will stop the attack from a botnet but will also prevent every computer in the botnet from reaching your website and could be preventing customers from reaching your web shop. Many of these mitigations fail to point to the real attacker.

Mitigation of DOS attacks might require a significant investment that might be too high for small to medium sized companies. These investments include extra load balancers and higher bandwidth connections. For large companies there is even a service from Arbor Networks that will help in mitigating DOS attacks.

For those attacks where servers that are not configured correctly are used, you can contact the server administrator and hope he corrects the settings. This will of course only help after the attack happened but it will prevent that server from being used in subsequent attacks.

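Added example, not from ihackforfun's article: a per-IP token bucket, one common way to implement the "limited amount of bandwidth for each specific IP address" idea together with a whitelist. It throttles a noisy address instead of banning it, so a legitimate user behind that address is served again once the flood stops. The class name, rates, state cap and traffic below are assumptions constructed for illustration.

```python
from collections import OrderedDict

class PerIPTokenBucket:
    """Each source IP earns `rate` tokens per second, up to `burst` stored."""

    def __init__(self, rate, burst, allowlist=(), max_tracked=10000):
        self.rate, self.burst = float(rate), float(burst)
        self.allowlist = set(allowlist)
        self.max_tracked = max_tracked
        self.buckets = OrderedDict()   # ip -> (tokens, last_seen), oldest first

    def allow(self, ip, now):
        """Return True if a request from `ip` at time `now` (seconds) may pass."""
        if ip in self.allowlist:
            return True                # known-good parties bypass shaping
        tokens, last = self.buckets.pop(ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        if allowed:
            tokens -= 1.0
        self.buckets[ip] = (tokens, now)   # re-insert as most recently seen
        # Cap tracked state so many distinct sources cannot exhaust memory.
        while len(self.buckets) > self.max_tracked:
            self.buckets.popitem(last=False)
        return allowed

def simulate(limiter, events):
    """events: iterable of (time, ip). Returns {ip: [passed, dropped]}."""
    stats = {}
    for now, ip in sorted(events):
        passed = limiter.allow(ip, now)
        stats.setdefault(ip, [0, 0])[0 if passed else 1] += 1
    return stats

# Constructed traffic: documentation-range addresses, not real hosts.
FLOOD = [(i / 100.0, "203.0.113.7") for i in range(500)]    # 100 req/s for 5 s
NORMAL = [(float(i), "198.51.100.20") for i in range(5)]     # 1 req/s for 5 s

def demo():
    limiter = PerIPTokenBucket(rate=2, burst=10)
    stats = simulate(limiter, FLOOD + NORMAL)
    # 30 quiet seconds later the flooding address is served again.
    recovered = limiter.allow("203.0.113.7", 35.0)
    return stats, recovered

if __name__ == "__main__":
    print(demo())
```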