Employee Response - 2007-Jan-08 09:52 Hello, We have seen a DDoS attack on this server and now we have started the firewall for your server, which was OFF. We have seen some IPs have established more connections on this server. Please try to block the IPs which are causing this issue. Please get back to us if you need more assistance. Regards, Winston. My server is not Linux, thanks, but I am on IIS.
koolasia, dos deflate by no means is capable of even mitigating ddos attacks that employ significant bandwidth. I can safely say that there is no slap-on software firewall that can protect a server from ddos attacks. alm3alm, what type of an attack is this & how big is it? You may find this link useful: http://www.wilsonmar.com/1iiscfg.htm There are providers who specialize in mitigating ddos attacks, they do this by running a "protected" network (custom hardware firewalling, custom rules to filter traffic at the router/switch level). Some in the business include gigeservers, blacklotus, awknet & sharktech.
Thanks, will. I don't know the type of DDoS attack; how can I find out? As for its size, it is very big, as the company tells me, and we cannot manually block thousands of IPs.
Ask your datacenter. Or post your MRTG graphs here. Ask them how big it is, how many MB/s or GB/s. Also, do you know why you are being targeted? And which site is being targeted? Has the attacker contacted you?
How many syns/second is it? It's really difficult to keep a server reachable without some kind of filtering at the router level... I suggest you check out those providers I listed above.
They told me: "I do not have those statistics available at this time. We provide DDoS protection from large inbound attacks and large SYN attacks. The attack targeting your server is extremely small in traffic, and due to the number of bots it looks like legitimate traffic as each is only opening a small number of connections (like a normal user)."
My provider is SoftLayer. During the attack the server is working, yes, but the sites become damn slow until they stop responding.
This is the list of my active connections during the attack. Could anyone help me understand what I got? It is in the attachment.
Do three things. First, stop ICMP so that no one is able to ping you:
iptables -A OUTPUT -p icmp -j DROP
Use that command from your SSH to stop ICMP. Then install mod_security, which is an Apache module which will help you to resolve botnet attacks. For solving botnet attacks, find out the active httpd connections information using some log tails and block them using mod_security rules. Third, use the DoS Deflate software as described in the first reply on the post. This is really a great trick which can solve lots of DoS and botnet attacks.
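One way to read an active-connection list like the one discussed in this thread, as an added example that is not part of any poster's reply: it counts connections per remote address and the share that are half-open. The function names, the per-IP limit of 20 and the sample table are assumptions made for illustration; it reads `netstat -an` (Windows) or `netstat -ant` (Linux) text output.

```python
from collections import Counter, defaultdict

def parse_netstat(text, port=80):
    """Yield (remote_ip, state) for TCP connections to local `port`.
    Reads the last three columns, so it accepts Windows `netstat -an`
    and Linux `netstat -ant` layouts (assumed: no PID/program column)."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or not f[0].lower().startswith("tcp"):
            continue
        local, remote, state = f[-3], f[-2], f[-1].upper()
        if state.startswith("LISTEN") or local.rsplit(":", 1)[-1] != str(port):
            continue
        if state.startswith("SYN_REC"):   # SYN_RECEIVED (Windows) / SYN_RECV (Linux)
            state = "SYN_RECV"
        yield remote.rsplit(":", 1)[0], state

def summarize(text, port=80, per_ip_limit=20):
    """Aggregate the connection table: total size, distinct sources,
    share of half-open connections, and sources above per_ip_limit."""
    per_ip = defaultdict(Counter)
    for ip, state in parse_netstat(text, port):
        per_ip[ip][state] += 1
    totals = Counter()
    for states in per_ip.values():
        totals.update(states)
    n = sum(totals.values())
    return {
        "connections": n,
        "sources": len(per_ip),
        "half_open_ratio": totals["SYN_RECV"] / n if n else 0.0,
        "heavy_sources": sorted(ip for ip, s in per_ip.items()
                                if sum(s.values()) > per_ip_limit),
    }

def constructed_sample():
    """Constructed table (documentation-range addresses), not real data."""
    row = "  TCP    192.0.2.10:{}    {}:{}    {}".format
    rows = ["  Proto  Local Address  Foreign Address  State",
            "  TCP    0.0.0.0:80    0.0.0.0:0    LISTENING",
            row(25, "203.0.113.77", 7000, "ESTABLISHED")]      # other port, ignored
    for i in range(1, 41):                                     # 40 sources x 3 connections
        rows += [row(80, f"198.51.100.{i}", 4000 + p, "ESTABLISHED") for p in range(3)]
    rows += [row(80, "203.0.113.9", 5000 + p, "ESTABLISHED") for p in range(25)]
    rows += [row(80, "203.0.113.50", 6000 + p, "SYN_RECEIVED") for p in range(5)]
    return "\n".join(rows)

if __name__ == "__main__":
    print(summarize(constructed_sample()))
```

In the constructed sample, 40 low-rate sources hold 120 of the 150 connections yet only one address crosses the per-IP limit, which is the situation the provider's reply above describes.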
With Windows Server you may want to enable TCP/IP Filtering on all but the ports you *really* need. So leave open 80,25 TCP and 53 UDP if you're running a basic setup. It also helps to not reply to ANYTHING. Have the firewall set to not reply to pings, etc. This won't stop anything (the nature of a ddos), but it will allow your server to handle a bit more abuse before falling.
Default firewall rules that block ports will not help you defend against a DDoS that is launched against a normal working port that you run, for example, web site TCP port 80...