My box has recently been DOSed, and I accidentally heard from some people that it's Rebel Booter... How do I deny this type of attack? CentOS 5.6, under an OpenVZ container. List of modules: cat /proc/net/ip_tables_matches It's only running one application, which listens on UDP port 11111 and TCP port 22222... Now my iptables -L -v These statistics are after only 3 hours of uptime: 57 Gbytes of packets dropped by the firewall, while only around 90 Mbytes of legitimate packets were accepted... But when the attack happened, my box still timed out / went down. One more piece of information: when the DoS happened, I typed netstat -tulpn and it seems that there was around 150000 Recv-Q on UDP port 11111 (usually 0 Recv-Q). Could any of you help me? Thank you very much, I really appreciate it.
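An added example, not part of the original post: the Recv-Q figure that netstat shows for a UDP socket can be read from /proc/net/udp and checked automatically. The sample table, the 100000 threshold and the function names are constructed for illustration; a receive queue that stays far above zero means the application is not draining the socket as fast as packets arrive.

```python
"""Flag a UDP receive-queue backlog using the /proc/net/udp layout."""

# Constructed sample (not captured from the poster's box).
# Port 11111 is 0x2B67; rx_queue 0x000249F0 is 150000, the backlog described.
# The second row omits the trailing "drops" column, as older kernels do.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   5: 00000000:2B67 00000000:0000 07 00000000:000249F0 00:00000000 00000000     0        0 12345 2 0000000000000000 98765
   9: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12346 2 0000000000000000
"""


def parse_udp_table(text):
    """Return one dict (port, rx_queue, drops) per socket row."""
    rows = []
    for line in text.splitlines()[1:]:           # skip the header row
        f = line.split()
        if len(f) < 5 or ":" not in f[1] or ":" not in f[4]:
            continue                             # tolerate blank or short lines
        port = int(f[1].rsplit(":", 1)[1], 16)   # local port, hex
        rx_queue = int(f[4].split(":")[1], 16)   # tx_queue:rx_queue, hex
        drops = int(f[12]) if len(f) > 12 and f[12].isdigit() else None
        rows.append({"port": port, "rx_queue": rx_queue, "drops": drops})
    return rows


def backlogged(rows, port, threshold):
    """Sockets bound to `port` whose receive queue exceeds `threshold`."""
    return [r for r in rows if r["port"] == port and r["rx_queue"] > threshold]


def read_live(path="/proc/net/udp"):
    """Parse the running kernel's table instead of the constructed sample."""
    with open(path) as fh:
        return parse_udp_table(fh.read())


if __name__ == "__main__":
    # Threshold of 100000 is an assumed alert level, tune it per application.
    for r in backlogged(parse_udp_table(SAMPLE), 11111, 100000):
        print("UDP port %(port)d backlog: rx_queue=%(rx_queue)d drops=%(drops)s" % r)
```

Run from cron or a monitoring agent with `read_live()` in place of the sample, this gives an early signal that the listener is saturated even while the firewall counters show most traffic being dropped.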
Get your provider to issue you a new IP. Hide that IP behind Cloudflare. Have your provider nullroute the old IP. See if Cloudflare makes a difference. If not: buy a BurstNET VPS, which offers some DDoS protection, or RamHost (they handled a pretty weak DDoS that prevented me from SSH but everything worked) to put in front of your server, then use the new VPS as a reverse proxy if you're running a website.
Thanks for the mention. We can generally help mitigate most DDoS attacks. If you do use CloudFlare & you are having a DDoS attack, there are some helpful tips about what to do during a DDoS attack.
First, check the number of connections: http://www.meziamus.net/topic/18-how-to-find-and-check-number-of-connections-to-a-server/ To reduce flooding IPs: http://www.meziamus.net/topic/17-prevent-dos-attack-by-csf-firewall/ Try CloudFlare! PM me if you need more help.
Just a quick note (because of your earlier recommendation) that CloudFlare has released a new DDoS mitigation tool to help our site owners during an attack.
I like when anyone mentions a DDoS attack, CloudFlare comes into play. They aren't a DDoS protection service, even if that's what they are trying to do. If you get a large attack, or a large SYN, you will get removed from the CloudFlare network. If you want it to stop, you need REAL DDoS protection, which requires REAL money, depending on how large the attacks are, how long they go for, and the amount of attacks. Iptables and software will not likely do anything, because your connection will get eaten up, your router won't be able to handle the PPS, or your server can't respond to each and every one, so it's overloading itself. Now, these will most likely happen before your pipe is overloaded most of the time. I suggest finding the direct source of the problem: trace the IPs and report them to the providers, as changing IPs and trying to stop it won't help if they want you down.
"I like when anyone mentions a DDoS attack, CloudFlare comes into play. They aren't a DDoS protection service, even if that's what they are trying to do. If you get a large attack, or a large SYN, you will get removed from the CloudFlare network. If you want it to stop, you need REAL DDoS protection, which requires REAL money, depending on how large the attacks are, how long they go for, and the amount of attacks." We rarely have to force a site direct because of these issues. We also do not remove sites permanently from our network because of an attack (something else has to be going on for us to ban a site from CloudFlare). If an attack on one site does cause issues for other users on that cluster, we do have to temporarily force the site direct so performance isn't affecting other sites on that cluster. In addition, our new DDoS mitigation feature does stop a lot of bad traffic from even hitting your server.
I will vouch for CloudFlare on this. I've watched a nearly 100mbit/s inbound drop to under 10 after implementing CloudFlare. Said site had been featured on Sports Illustrated and had expected a dual core server on a 100Mbs port to handle it. It's not that they are a DDoS protection service, it's that the services they offer can pad quite a bit of the blow prior to it reaching your server. They also offer, though vague, different levels of security for your site as well as blocking for entire countries. I'm not saying it will definitely resolve your DDoS issues, but for free, you should at least give it a shot.
We can definitely help mitigate many common attacks. I also have some tips for dealing with a DDoS if you're using CloudFlare.