Well, the sites that I’m running are being attacked with DDoS. I must have been hitting someone's nerve that he decided to put the sites down .. I wish he could at least tell me what he wants ..

Anyway, in order to stop this I’m seeking a host who can provide some solution against DDoS. We are still in the process of reviewing the offers.

If you know any solution, please let me know 🙂

  1. Well…DDoS attacks are nothing new. Preventing them is possible but all the solutions are dependent on the ISP or network administrators.

    When you do go for a new host, ask the following questions: (I don’t know if this is known to you already)

    1. Do they have packet filtering enabled to prevent IP spoofing? Even if packet filtering is enabled, IP spoofing is still possible but the originators will be limited to a manageable number. If you can pinpoint the perpetrator or organisation, you would be in a position to do something about it.

    2. Use of packet filters for network agents. The host only has 1 connection to the internet. The network or host must shield the network point so that on recognition of a DDoS attack, the server can dynamically adapt when it recognises a DDoS attack and effectively implement packet filtering which can automatically disrupt the DDoS attack.

    3. Packet Filter Rules. Most hosts or networks don’t do this. They just allow anything to get through. There should be an active packet filtering method where the host together with the client actually says which packets should be accepted and which refused.

    4. Automatic Attack Recognition. Host should have in place an attack recognition response mechanism that can inform the client if an attack is taking place. Also, if the host or network has an automated response mechanism…this would be even better.

    Of course, in preventing DDoS attacks, it’s not only the network operators but even the clients and content providers who also have a role to play in trying to prevent such attacks.

    I think I typed too much! As for a host that provides active DDoS prevention…I’m totally clueless. The ISPs I’m using at the moment have come around to thinking of DDoS attacks although I always try to include the scenario of DDoS attacks in the websites that I script.

  2. Oh yes Waiel….here’s something that I use with my ISPs….it’s open source and you can read about it at your own leisure. It’s not going to stop DDoS attacks completely but at least it will help you to recognise and see what the hell is going on when a DDoS attack is happening. It also has some prevention measures.

    The product is called SNORT. As to what it is…Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods.

    I hope this helps with your worries…if you have questions, email me :P.
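The attack recognition discussed in the comments above, as an added example that is not part of the original thread and is not Snort code: it buckets request events into fixed windows and separates a spike caused by a few loud sources from a distributed one where no single source stands out. The sample events, window length and both thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict


def build_sample():
    """Constructed (epoch_second, source_ip) request events for one server."""
    events = [(t, f"198.51.100.{t % 5 + 1}") for t in range(10)]      # quiet
    events += [(10 + i % 10, "203.0.113.7") for i in range(60)]       # one loud client
    events.append((15, "198.51.100.2"))
    events += [(20 + i % 10, f"192.0.2.{i % 120 + 1}") for i in range(240)]  # many quiet clients
    return events


def classify_windows(events, window=10, total_limit=50, per_source_limit=30):
    """Label each fixed window using an aggregate and a per-source threshold.

    All three numbers are assumed values; derive real ones from load tests
    and normal-traffic baselines.
    """
    buckets = defaultdict(Counter)
    for ts, src in events:
        buckets[ts // window][src] += 1

    report = {}
    for w in sorted(buckets):
        counts = buckets[w]
        total = sum(counts.values())
        loud = sorted(s for s, n in counts.items() if n > per_source_limit)
        loud_share = sum(counts[s] for s in loud) / total
        if total <= total_limit:
            label = "normal"
        elif loud_share >= 0.5:
            # A few sources explain the spike: source-based filtering can help.
            label = "concentrated flood"
        else:
            # No source stands out: per-source limits never fire, so this
            # needs upstream (host/ISP) filtering or extra capacity.
            label = "distributed flood"
        report[w * window] = {"label": label, "total": total,
                              "sources": len(counts), "filter_candidates": loud}
    return report


if __name__ == "__main__":
    for start, info in classify_windows(build_sample()).items():
        print(start, info)
```
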

  3. Got this when I asked in one of the forums…

    1) Increase your network bandwidth and server capacity (load balancer) to take that amount of attacks - expensive
    2) Block at ISP side
    3) Redirect to other servers.
    4) Implement good security policy
    5) Patch, patch and patch
    6) Ingress/Egress filtering, both at external firewalls/routers
    7) Do vulnerability scans frequently
    8) DDoS usually targets HTTP. See if your webserver supports modules that prevent DDoS

    Point 2) DDoS comes from multiple machines located on the Internet, not possible to block all. Secondly, I don’t think the ISP will chap you

    Point 5,6,7) Purpose of DDoS is to eat up your bandwidth, freezing incoming/outgoing traffic, paralysing the company network. So no amount of patching, V.Scanning will help

    Point 1 noted but it is not free & can be money intensive (to a certain extent). It depends quite a lot on the risk appetite of the organization as well.

    Point 4 is about putting in controls, refining of processes. People who do points 1 & 4 may not know hacking at all or only know surface hacking, so based on your previous post that a security consultant must be a good hacker, probably these 2 points should be invalid from your context.

  4. Well Justinus…I was targeted once and one of my websites crashed horribly with the result that it gave me endless amounts of headaches.

    Being attacked once was more than enough for me and that made me read up on the subject. Snort is actually a damn good product considering it’s open source. Of course, I’m also a web developer in a corporate environment and DDoS attacks are something we also worry about here. Of course, we have some pretty nifty software that prevents that kind of thing but I don’t think that Ranma can afford it :P. Also, I’m constantly doing load tests on all my applications to determine breaking point so I can know what the hell could go wrong. Of course, when you are working with minimal resources, it’s all a toss in the air as far as DDoS is concerned.

    It’s all about the ISP though…if the ISP is not doing anything actively to prevent DDoS attacks, get a new one! AO has progressed to the point where it would serve as a wonderful scalp to some up and coming new hacker that wants to prove that his cojones actually hang to the floor thereby automatically making him the head honcho.

  5. Hi Ranma. 🙂 (I don’t know how to reach you other than through here … if I *can* reach you through here). AO isn’t working for me… so I was just wondering if there is anything I can do to help. I hope you’re well.

  6. AO isn’t working for me as well…I keep on getting 504 errors which means that the server is not responding to my request to connect to AO.

    Hope this is not another big problem Ranma and hope it gets resolved soon.

    Yo RJ :kkk:

  7. yo blaen KKK … yo RJ KKK

    ya ao having problem quite awhile… maybe we can somehow change the website addresses? like not using ao.com to using another name or change ip address?

    i guess still under attack? that guy or gal very persistent…making the rest of us miserable… he or she should be punished or will be punished…

  8. Hallo Winny

    Good to see you as well! Missed you too :kkk:

    As for our persistent little hacker…there is nothing we can do except try to help Ranma to overcome the storm so that he doesn’t lose heart and say to hell with everything. I’m sure he must be getting very frustrated!

    Anyways, to all of you….I’m on googletalk so you are welcome to chat with me….

  9. To Winny,

    According to American laws, DDoS abusers can be fined and put into jail for several years. There’s already an example a few months ago. This, however, can happen only when Ranma can track down who it is.

    About your second post, no, Ranma is never on Google Talk.

  10. well ao is still under attack .. but it will be back when the attack stops

    I’m always available on skype

    the host is collecting logs and tracking the attackers to start a legal action against them

  11. Justinus…that’s very interesting…How successful have people been in tracking down people who initiate DDoS attacks?

    Ranma…good to see you….I was worried about you. Unfortunately…I can’t talk on skype so that’s a moot point! However, when AO is online again, I will send you some things. I want to add a new module to the vBulletin forum that will allow users to add and make their own questionnaires.

    I’ve designed the wireframe already and if you agree, I’ll start coding it using html, javascript and php (Object orientated and not procedural).

    However, I’m not sure if the new release of vbulletin will have this functionality built into it. If it doesn’t I would like to make a go of it because I need something like this in OTC…

    I’ll send you the specs when AO is online again or give me an email address where I can mail you.

  12. Thanx for the article justinus…

    However, I would like to say that those articles highlighted hackers or incidents that were localised to the country of origin.

    What happens when the perpetrator is a resident of a country which differs from where the crime took place? If I had to hack your computer all the way in Australia, would and could you have me prosecuted all the way here in South Africa?

    There is no international collaboration between countries when it comes to internet countries.

