DDOS attack

i got some DDOS attack how can i stop it?

 

Install this http://projects.medialayer.com/ddos.html it stops most of the ddos

 

Are you sure it's just ddos and not a botnet attack?

 

Employee Response - 2007-Jan-08 09:52
Hello,

We have seen DDOS attack in this server and now we have started firewall for your server which was OFF.

We have seen some IP have established more connection in this server.Please try to block the IP's which causing this issue.

Please get back to us if you need more assistance.

Regards,
Winston.

my server iis not linux

thx but iam iis

 

Block the IPs and/or switch off the server in the meanwhile before the system gets compromised.

 

Ah im sure windows must be having somewat like dis software

 

koolasia, dos deflate by no means is capable of even mitigating ddos attacks that employ significant bandwidth. I can safely say that there is no slap-on software firewall that can protect a server from ddos attacks.

alm3alm, what type of an attack is this & how big is it?
You may find this link useful:
http://www.wilsonmar.com/1iiscfg.htm

There are providers who specialize in mitigating ddos attacks, they do this by running a "protected" network (custom hardware firewalling, custom rules to filter traffic at the router/switch level). Some in the business include gigeservers, blacklotus, awknet & sharktech.

 

thx will i dont know the type of DDOS attack how can i know it ??

about the big of it its very big as the company tell me and we cannot make manual block for thousand of ips

 

Ask your datacenter. Or post your mrtg graphs here.

Ask them how big it is, how many MB/s or GB/s

Also, do you know why you are being targeted? And which site is being targeted? Has the attacker contacted you?

 

hello eXe

they told me its syn flood

 

i need help with Inbound SYN Flood Attack plz

 

How many syns/second is it? It's really difficult to keep a server reachable without some kind of filtering at the router level... I suggest you check out those providers I listed above.

 

they told me that

I do not have those statistics available at this time. We provide DDOS protection from large inbound attacks and large syn attacks. The attack targeting your server is extremely small in traffic, and due to the number of bots it looks like legitimate traffic as each is only opening a small number of connections (like a normal user).

 

Who is your provider?

Does that mean your server is up?

 

my provider sofylayer

during attack server yes working but the sites become damn slow untill no responding

 

this list of my Active connection during attack

could anyone help to understand what i got in attachment

 

Do three things. First stop icmp so that no one be able to ping you.

iptables -A OUTPUT -s icmp -j DROP

Code (markup):

use that command from your ssh to stop icmp. Then install mod_security which is an apache module which will help you to resolve botnet attacks. For solving bot net attacks, find out the active httpd connections informations using some log tails and block them using mod_security rules.

Third, use the Dos Deflate software as describe in the first reply on the post

This is really a great tick which can solve lots of dos and botnet attacks

 

With Windows Server you may want to enable TCP/IP Filtering on all but the ports you *really* need. So leave open 80,25 TCP and 53 UDP if you're running a basic setup. It also helps to not reply to ANYTHING. Have the firewall set to not reply to pings, etc.

This won't stop anything (the nature of a ddos), but it will allow your server to handle a bit more abuse before falling.

 

Very interesting....I will share this with a friend of mine....

Thank you for posting

 

Default firewall rules that block ports will not help you defend against ddos that is launched against normal working port that you run, for example, web site tcp port 80.....