Quote:
Originally Posted by Rogean
[You must be logged in to view images. Log in or Register.]
It's not a lack of knowledge. It's a lack of time and resources.
I have a full time job that gets increasingly busy in the summer. I have commitments all this weekend. I have a trip coming up that I leave for very soon that will put me away for a week. The timing of all of this shit happening is the worst it could possibly be.
Look up DNS Amplification attack, and you guys will see just how little there is that I can do about it myself. No amount of equipment I put on my side of our data center drop will help line saturation. It's up to our data center. I'm seeing what they are willing to do, as well as their upstream providers (Level3).
We used to have DDoS protection. It's one of the reasons that we moved to the data center we're at now. But then they decomissioned the device and decided to not replace it, so now we're stuck in the data center without mitigation. If there's nothing they can do to stop this then we're looking at literally a month or two for us to find and move to a data center that can.
|
I am just speculating here since I dont know the scope of the attack, only what you noted about DNS amplification attack, but what about firewalling all DNS related traffic on the p99 boxen, and have us to use our own DNS resolution for the server (windows hosts file). Would that at all help? I wouldnt mind making host entries to resolve p99 DNS so that you can shut it off.