Mitigating the DDOS attacks. Possibilities inside. - Page 6

Seary · #51 07-27-2013, 09:49 PM

Cast is going HARD on the ddos attack this weekend, never should have doubted his persistence.

quido · #52 07-27-2013, 10:00 PM

Hardware-based whitelist!

Nuggie · #53 07-27-2013, 10:15 PM

Good read. Not sure which tech geek to believe.

That sucks they shut down whatever was protecting us before.

Keep up the good fight.

Sadre Spinegnawer · #54 07-28-2013, 03:01 AM

Hard to follow what you guys are saying, but luckily I speak leet

Turp_SmokinPurp · #55 07-28-2013, 04:57 AM

Quote:

Originally Posted by Rogean [You must be logged in to view images. Log in or Register.]

It's not a lack of knowledge. It's a lack of time and resources.

I have a full time job that gets increasingly busy in the summer. I have commitments all this weekend. I have a trip coming up that I leave for very soon that will put me away for a week. The timing of all of this shit happening is the worst it could possibly be.

Look up DNS Amplification attack, and you guys will see just how little there is that I can do about it myself. No amount of equipment I put on my side of our data center drop will help line saturation. It's up to our data center. I'm seeing what they are willing to do, as well as their upstream providers (Level3).

We used to have DDoS protection. It's one of the reasons that we moved to the data center we're at now. But then they decomissioned the device and decided to not replace it, so now we're stuck in the data center without mitigation. If there's nothing they can do to stop this then we're looking at literally a month or two for us to find and move to a data center that can.

Again, it's not a lack of information. We already know how to stop it. It's up to the data center if they want to help or not.

And no, other customers are not getting affected. The attack would need to be over 10 GBit for that to occur.

Thanks for the info.

So hopefully the data center helps or if not maybe we can get the equipment they failed to replace, if not move it!

Only 10g, hopefully can fix it. The DDOS culprit is not paying for that weak shit its probably a home setup. Track him down!

Pringles · #56 07-28-2013, 11:42 AM

Quote:

Originally Posted by Rogean [You must be logged in to view images. Log in or Register.]

It's not a lack of knowledge. It's a lack of time and resources.

I have a full time job that gets increasingly busy in the summer. I have commitments all this weekend. I have a trip coming up that I leave for very soon that will put me away for a week. The timing of all of this shit happening is the worst it could possibly be.

Look up DNS Amplification attack, and you guys will see just how little there is that I can do about it myself. No amount of equipment I put on my side of our data center drop will help line saturation. It's up to our data center. I'm seeing what they are willing to do, as well as their upstream providers (Level3).

We used to have DDoS protection. It's one of the reasons that we moved to the data center we're at now. But then they decomissioned the device and decided to not replace it, so now we're stuck in the data center without mitigation. If there's nothing they can do to stop this then we're looking at literally a month or two for us to find and move to a data center that can.

I am just speculating here since I dont know the scope of the attack, only what you noted about DNS amplification attack, but what about firewalling all DNS related traffic on the p99 boxen, and have us to use our own DNS resolution for the server (windows hosts file). Would that at all help? I wouldnt mind making host entries to resolve p99 DNS so that you can shut it off.

Glorindale · #57 07-28-2013, 12:49 PM

Quote:

Originally Posted by Pringles [You must be logged in to view images. Log in or Register.]

I am just speculating here since I dont know the scope of the attack, only what you noted about DNS amplification attack, but what about firewalling all DNS related traffic on the p99 boxen, and have us to use our own DNS resolution for the server (windows hosts file). Would that at all help? I wouldnt mind making host entries to resolve p99 DNS so that you can shut it off.

I think the only thing that would mitigate the problem is a devices that sits on the ISP's side of Rogean's drop (or somewhere in the path of their connection to the rest of the world). That device would need to be able to track DNS name resolution requests so that when the name resolution responses are returned it could then match them up with the requests and block any responses that don't have matching requests (thus blocking the responses to the spoofed requests). Unfortunately doing that on Rogean's side of the drop wouldn't prevent his drop from being saturated which is what he described was the problem.

I think if his ISP isn't willing to help he has no choice but to move to one that would be willing to help if this happens again.

Boiled down....Rogean really cannot do anything himself to prevent this.

DoucLangur · #58 07-28-2013, 04:53 PM

Quote:

Originally Posted by Glorindale [You must be logged in to view images. Log in or Register.]

However, if it is outside of North America I saw screw them and just start blocking IP rangers.

True American dumbass speaking... You're a disgrace to the decent people in the USA.

Glorindale · #59 07-28-2013, 06:23 PM

Quote:

Originally Posted by DoucLangur [You must be logged in to view images. Log in or Register.]

True American dumbass speaking... You're a disgrace to the decent people in the USA.

Ok...I can live with that.