-
January 15th, 2005, 04:20 AM
#1
Junior Member
a question about DDOS defense
our websit was attacked yesterday.
now DDOS attack is still a very serious problem for us
is there anybody can give me some suggestions about DDOS defense?
thank you
-
January 15th, 2005, 05:42 AM
#2
If you have the money, you can buy a Firewall that will fend off DDOS attacks. Most firewalls have the ability to stop small attacks but large attacks (50Mbps or greater) require a heavy duty DDOS guard. I've seen attacks before that spike @ 900Mbps directed at one computer, but this computer had some cisco firewalls in front of it that was able to null route that IP that the attack was coming from after a few minutes.
Usually you can use Firewalls along with a IDS system to detect if a protocol is being used for a attack.
what size of a DDOS attack was it?
Also is this website hosted on your business data line, or do you have it hosted somewhere?
-
January 15th, 2005, 07:02 AM
#3
Is your attack distributed? Spoofed Ip addresses? Random packet size?
PuRe
-
January 16th, 2005, 05:10 AM
#4
Junior Member
cheyenne1212,thank you for your answers.
yes we have a firewall along with an IDC system,but still have no use.
this website was hosed on another server ,so business sites goes well.
two hours ago ,we change our server's IP adress.NOW that website is run well.
but if another DDOS attack happened,it will be a disaster.
-
January 16th, 2005, 05:14 AM
#5
Junior Member
another DDOS attack happened three hours ago,what can we do?
perhaps wait until the TCP/IP protol is corrected
-
January 16th, 2005, 05:27 AM
#6
08:10 to 08:14 (pm & pm) and suddenly "another DDOS attack happened three hours ago", that quite a feat 3 hours in 4 minutes, or did you just notice that you had been DDoSed 3 hours ago....NOW?
posted Today 08:10 PM
(post #4)
cheyenne1212,thank you for your answers.
yes we have a firewall along with an IDC system,but still have no use.
this website was hosed on another server ,so business sites goes well.
two hours ago ,we change our server's IP adress.NOW that website is run well.
but if another DDOS attack happened,it will be a disaster.
posted Today 08:14 PM
(post #5)
another DDOS attack happened three hours ago,what can we do?
perhaps wait until the TCP/IP protol is corrected
\"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
Author Unknown
-
January 16th, 2005, 07:42 AM
#7
Junior Member
yes ,attack never stoped until now
our website cant open
-
January 16th, 2005, 07:50 AM
#8
Junior Member
Originally posted here by chgzkitty
cheyenne1212,thank you for your answers.
yes we have a firewall along with an IDC system,but still have no use.
this website was hosed on another server ,so business sites goes well.
two hours ago ,we change our server's IP adress.NOW that website is run well.
but if another DDOS attack happened,it will be a disaster.
sorry,this message should be post yesterday evening,15 hours ago
-
January 16th, 2005, 10:05 AM
#9
Why not Null route the IP's the attack is coming from in essence "Black Holing" it on your border firewalls.
-
January 16th, 2005, 02:42 PM
#10
It might make sense to contact your ISP and have them block the attack upstream. This is probably the most sensible thing to do if the DDoS is huge (i.e. coming from a hell of a lot of IP's). Otherwise, null routing is the next best thing to do.
Cheers,
cgkanchi
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|