Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: a question about DDOS defense

  1. #1
    Junior Member
    Join Date
    Jan 2005
    Posts
    9

    a question about DDOS defense

    our websit was attacked yesterday.

    now DDOS attack is still a very serious problem for us

    is there anybody can give me some suggestions about DDOS defense?

    thank you
    want to be better

  2. #2
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    If you have the money, you can buy a Firewall that will fend off DDOS attacks. Most firewalls have the ability to stop small attacks but large attacks (50Mbps or greater) require a heavy duty DDOS guard. I've seen attacks before that spike @ 900Mbps directed at one computer, but this computer had some cisco firewalls in front of it that was able to null route that IP that the attack was coming from after a few minutes.

    Usually you can use Firewalls along with a IDS system to detect if a protocol is being used for a attack.


    what size of a DDOS attack was it?

    Also is this website hosted on your business data line, or do you have it hosted somewhere?
    =

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Is your attack distributed? Spoofed Ip addresses? Random packet size?


    PuRe
    Like this post? Visit PuRe\'s Information Technology Community. We\'ve also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  4. #4
    Junior Member
    Join Date
    Jan 2005
    Posts
    9
    cheyenne1212,thank you for your answers.
    yes we have a firewall along with an IDC system,but still have no use.

    this website was hosed on another server ,so business sites goes well.

    two hours ago ,we change our server's IP adress.NOW that website is run well.

    but if another DDOS attack happened,it will be a disaster.
    want to be better

  5. #5
    Junior Member
    Join Date
    Jan 2005
    Posts
    9
    another DDOS attack happened three hours ago,what can we do?

    perhaps wait until the TCP/IP protol is corrected
    want to be better

  6. #6
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    08:10 to 08:14 (pm & pm) and suddenly "another DDOS attack happened three hours ago", that quite a feat 3 hours in 4 minutes, or did you just notice that you had been DDoSed 3 hours ago....NOW?

    posted Today 08:10 PM
    (post #4)

    cheyenne1212,thank you for your answers.
    yes we have a firewall along with an IDC system,but still have no use.

    this website was hosed on another server ,so business sites goes well.

    two hours ago ,we change our server's IP adress.NOW that website is run well.

    but if another DDOS attack happened,it will be a disaster.

    posted Today 08:14 PM
    (post #5)

    another DDOS attack happened three hours ago,what can we do?

    perhaps wait until the TCP/IP protol is corrected
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  7. #7
    Junior Member
    Join Date
    Jan 2005
    Posts
    9
    yes ,attack never stoped until now

    our website cant open
    want to be better

  8. #8
    Junior Member
    Join Date
    Jan 2005
    Posts
    9
    Originally posted here by chgzkitty
    cheyenne1212,thank you for your answers.
    yes we have a firewall along with an IDC system,but still have no use.

    this website was hosed on another server ,so business sites goes well.

    two hours ago ,we change our server's IP adress.NOW that website is run well.

    but if another DDOS attack happened,it will be a disaster.

    sorry,this message should be post yesterday evening,15 hours ago
    want to be better

  9. #9
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Why not Null route the IP's the attack is coming from in essence "Black Holing" it on your border firewalls.
    =

  10. #10
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    It might make sense to contact your ISP and have them block the attack upstream. This is probably the most sensible thing to do if the DDoS is huge (i.e. coming from a hell of a lot of IP's). Otherwise, null routing is the next best thing to do.

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •