Help! My box going down from DOS attacks (Rebel Booter)

Discussion in 'Security' started by ThisOne, Mar 5, 2012.

  1. #1
    My box has recently been DOSed, and I accidentally heard from some people that it's Rebel Booter... How do I deny this type of attack?

    CentOS 5.6, under OpenVZ container. List of modules:

    cat /proc/net/ip_tables_matches
    It's only running one application, which listens on UDP port 11111 and TCP port 22222...

    Now my iptables -L -v

    These statistics are from only 3 hours of uptime. 57Gbytes of packets were dropped by the firewall, while only around 90Mbytes of legitimate packets were accepted... But when the attack happened, my box still timed out / went down.

    One more piece of information: when the DOS happened, I typed netstat -tulpn
    and it seems that there's around 150000 Recv-Q on UDP port 11111 (usually 0 Recv-Q)

    Could anyone of you help me?

    Thank you very much, really appreciate it
     
    Last edited: Mar 5, 2012
    ThisOne, Mar 5, 2012 IP
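
Added example (not part of the original post or any poster's code): the Recv-Q value that netstat shows for a UDP socket can be read from /proc/net/udp text, so the backlog on port 11111 can be watched during an attack. The sample table, the 65536-byte threshold and all function names are assumptions constructed for illustration.

```python
"""Flag UDP sockets whose kernel receive queue is backing up (added example)."""

# Constructed sample in /proc/net/udp format; port 0x2B67 = 11111 and
# rx_queue 0x249F0 = 150000 mirror the figures quoted in the post above.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  12: 00000000:2B67 00000000:0000 07 00000000:000249F0 00:00000000 00000000     0        0 18231 2 ffff880000000000 48211
  27: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 9120 2 ffff880000000001 0
"""

RX_ALERT_BYTES = 65536  # assumed alert threshold, tune per application


def parse_udp_table(text):
    """Return one dict per socket: local port, queued bytes, drop counter."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 5:
            continue
        port = int(f[1].rsplit(":", 1)[1], 16)  # local_address is HEXIP:HEXPORT
        rx_queue = int(f[4].split(":")[1], 16)  # field is tx_queue:rx_queue
        # Older kernels have no trailing "drops" column; report None there.
        drops = int(f[12]) if len(f) > 12 else None
        rows.append({"port": port, "rx_queue": rx_queue, "drops": drops})
    return rows


def backlogged(rows, threshold=RX_ALERT_BYTES):
    """Sockets whose application is not draining datagrams fast enough."""
    return [r for r in rows if r["rx_queue"] >= threshold]


def new_drops(prev, curr):
    """Per-port growth of the drop counter between two snapshots."""
    before = {r["port"]: r["drops"] for r in prev}
    return {r["port"]: r["drops"] - before[r["port"]] for r in curr
            if r["drops"] is not None and before.get(r["port"]) is not None}


if __name__ == "__main__":
    try:
        with open("/proc/net/udp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE
    for row in backlogged(parse_udp_table(table)):
        print("port %(port)d rx_queue=%(rx_queue)d drops=%(drops)s" % row)
```

A queue that stays high while the firewall counters show most traffic already dropped points at the application or the link being saturated rather than at a missing filter rule.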
  2. PISG

    PISG Member

    #2
    1) Change port; 2) Block IP for port scanning
     
    PISG, Mar 8, 2012 IP
  3. KJMS-Chris

    KJMS-Chris Guest

    #3
    Get your provider to issue you a new IP
    Hide that IP behind Cloudflare
    Have your provider nullroute the old IP
    See if Cloudflare makes a difference

    If not:
    Buy a BurstNET VPS, which offers some DDoS protection, or RamHost (they handled a pretty weak DDoS that prevented me from SSH but everything worked) to put in front of your server then use the new VPS as a reverse proxy if you're running a website.
     
    KJMS-Chris, Mar 14, 2012 IP
  4. damoncloudflare

    damoncloudflare Greenhorn

    #4
    Thanks for the mention. We can generally help mitigate most DDoS attacks. If you do use CloudFlare & you are having a DDoS attack, there are some helpful tips about what to do during a DDoS attack.
     
    damoncloudflare, Mar 21, 2012 IP
  5. azmoum

    azmoum Member

    #5
    azmoum, Mar 26, 2012 IP
  6. damoncloudflare

    damoncloudflare Greenhorn

    #6
    Just a quick note (because of your earlier recommendation) that CloudFlare has released a new DDoS mitigation tool to help our site owners during an attack.
     
    damoncloudflare, Apr 12, 2012 IP
  7. casand

    casand Peon

    #7
    Try to change the port address
     
    casand, Apr 22, 2012 IP
  8. ryan1918

    ryan1918 Active Member

    #8
    I like how, when anyone mentions a DDoS attack, CloudFlare comes into play. They aren't a DDoS protection service, even if that's what they are trying to do. If you get a large attack, or a large SYN, you will get removed from the CloudFlare network. If you want it to stop, you need REAL DDoS protection, which requires REAL money, depending on how large the attacks are, how long they go for, and the amount of attacks.

    Iptables and software will not likely do anything, because your connection will get eaten up, your router won't be able to handle the PPS, or your server can't respond to each and every one so it's overloading itself. Now, these will most likely happen before your pipe is overloaded most of the time.

    I suggest finding the direct source of the problem, tracing the IPs, and reporting them to the providers, as changing IPs and trying to stop it won't help if they want you down.
     
    ryan1918, Apr 25, 2012 IP
  9. damoncloudflare

    damoncloudflare Greenhorn

    #9
    "I like how, when anyone mentions a DDoS attack, CloudFlare comes into play. They aren't a DDoS protection service, even if that's what they are trying to do. If you get a large attack, or a large SYN, you will get removed from the CloudFlare network. If you want it to stop, you need REAL DDoS protection, which requires REAL money, depending on how large the attacks are, how long they go for, and the amount of attacks."

    We rarely have to force a site direct because of these issues. We also do not remove sites permanently from our network because of an attack (something else has to be going on for us to ban a site from CloudFlare). If an attack on one site does cause issues for other users on that cluster, we do have to temporarily force the site direct so performance isn't affecting other sites on that cluster.

    In addition, our new DDoS mitigation feature does stop a lot of bad traffic from even hitting your server.
     
    damoncloudflare, Apr 26, 2012 IP
  10. fixyourserver

    fixyourserver Peon

    #10
    I will vouch for CloudFlare on this. I've watched a nearly 100mbit/s inbound drop to under 10 after implementing CloudFlare. Said site had been featured on Sports Illustrated and had expected a dual core server on a 100Mbs port to handle it. It's not that they are a DDoS protection service, it's that the services they offer can pad quite a bit of the blow prior to it reaching your server. They also offer, though vague, different levels of security for your site as well as blocking for entire countries.

    I'm not saying it will definitely resolve your DDoS issues, but for free, you should at least give it a shot.
     
    fixyourserver, May 6, 2012 IP
  11. damoncloudflare

    damoncloudflare Greenhorn

    #11
    We can definitely help mitigate many common attacks. I also have some tips for dealing with a DDoS if you're using CloudFlare.
     
    damoncloudflare, May 7, 2012 IP