Well, the sites that I’m running are being attacked with DDOS. I must have been hitting someone’s nerve that he decided to put the sites down .. I wish he could at least tell me what he wants ..
Anyway, in order to stop this I’m in search of a host who can provide some solution against DDOS. We are still in the process of reviewing the offers.
If you know any solution please let me know 🙂
31 Replies to “DDOS MONTH”
Ranma! I missed you! And I missed AO too. T_T
well… i got pm u some of the solutions from cisco… they have good security protection against this kind of attacks but the prices…not sure…
can u guess who i am 😛
i have pm u some of the solutions from cisco network at irc but not sure how much it will cost… u can ask them for some pricing… maybe u can billed it to the one doing the attacks… 😛
here is the link
see which one more suitable for u to use…
Guess who am i 😛
here are some of the product solutions… i pm u during irc… from cisco networks… they have good firewalls…
price not too sure… u can ask them
Well…DDoS attacks are nothing new. Preventing them is possible but all the solutions are dependent on the ISP or network administrators.
When you do go for a new host, ask the following questions: (I don’t know if this is known to you already)
1. Do they have packet filtering enabled to prevent IP spoofing? Even if packet filtering is enabled, IP spoofing is still possible but the originators will be limited to a manageable number. If you can pinpoint the perpetrator or organisation, you would be in a position to do something about it.
2. Use of packet filters for networks agents. The host only has 1 connection to the internet. The network or host must shield the network point so that on recognition of a DDoS attack, the server can dynamically adapt when it recognises a DDoS attack and effectively implement packet filtering which can automatically disrupt the DDoS attack.
3. Packet Filter Rules. Most hosts or networks don’t do this. They just allow anything to get through. There should be an active packet filtering method where the host together with the client actually says which packets should be accepted and which refused.
4. Automatic Attack Recognition. Host should have in place an attack recognition response mechanism that can inform the client if an attack is taking place. Also, if the host or network has an automated response mechanism…this would be even better.
Of course, in preventing DDoS attacks, it’s not only the network operators but even the clients and content providers who also have a role to play in trying to prevent such attacks.
I think I typed too much! As for a host that provides active DDoS prevention…I’m totally clueless. The ISPs I’m using at the moment have come around to thinking of DDoS attacks although I always try to include the scenario of DDoS attacks in the websites that I script.
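Added example, not part of the original comments: a minimal sketch of the "automatic attack recognition" idea from point 4 above, run over web server access logs. It separates a flood from one address from a flood spread over many addresses; the thresholds, function names and log lines are constructed assumptions, and the log is assumed to be in time order.

```python
import re
from collections import Counter, deque
from datetime import datetime

# Client address and timestamp from a Common Log Format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def detect(lines, window=10, per_ip_limit=20, total_limit=100):
    """Return (kind, time, detail) alerts using a sliding window in seconds.

    single-source: one address exceeds per_ip_limit requests in the window.
    distributed:   total requests exceed total_limit although no address is
                   over its own limit, so blocking one address cannot help.
    Thresholds are assumptions; derive real ones from load-test baselines.
    """
    recent, counts = deque(), Counter()   # window contents, requests per address
    alerts, alerted = [], set()           # each condition is reported once
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines that are not CLF
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        recent.append((ts, ip))
        counts[ip] += 1
        # Expire entries that have fallen out of the window.
        while (ts - recent[0][0]).total_seconds() >= window:
            _, old = recent.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        if counts[ip] > per_ip_limit and ip not in alerted:
            alerted.add(ip)
            alerts.append(("single-source", ts, ip))
        spread = len(recent) > total_limit and max(counts.values()) <= per_ip_limit
        if spread and "distributed" not in alerted:
            alerted.add("distributed")
            alerts.append(("distributed", ts, len(counts)))
    return alerts

def sample_log():
    """Constructed log lines using documentation-range addresses."""
    fmt = '{ip} - - [10/Oct/2006:13:{m:02d}:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(ip="192.0.2.10", m=0, s=s) for s in range(0, 50, 10)]
    # One address sending 30 requests in 3 seconds.
    lines += [fmt.format(ip="198.51.100.7", m=5, s=i // 10) for i in range(30)]
    # 150 different addresses, one request each, spread over 5 seconds.
    lines += [fmt.format(ip=f"203.0.113.{i + 1}", m=20, s=i // 30) for i in range(150)]
    return lines
```

A "single-source" alert points at an address a packet filter rule can drop; a "distributed" alert is the case that has to be escalated to the host or ISP.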
Oh yes Waiel….here’s something that I use with my ISPs….it’s open source and you can read about it at your own leisure. It’s not going to stop DDoS attacks completely but at least it will help you to recognise and see what the hell is going on when a DDoS attack is happening. It also has some prevention measures.
The product is called SNORT. As to what it is…Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods.
I hope this helps with your worries…if you have questions, email me :P.
Forgot to post the damn link for SNORT!!
Here you go Ranma 🙂
So glad AO is back, out of curiosity did what I pm you help at all? I’m assuming you got it.
what kind of PM… KKK
Blaen, you seem to be familiar with handling DDOS based on the different protective measures that you discussed so far.
ao under attacks… he or she no life ones… only make people miserable… are the preventive methods working?
got this when i ask in one of the forum…
1) increase your network bandwidth and server capacity (load balancer) to take that amount of attacks-expensive
2) block at ISP side
3) redirect to other servers.
4) Implement good security policy
5) Patch, patch and patch
6) Ingress/Egress filtering, both at external firewalls/routers
7) Do vulnerability scans frequently
8) DDOS usually targets HTTP. see if your webserver supports modules that prevents DDOS
Point 2) DDOS come from multiple machines located from the Internet, not possible to block all. Secondly I don’t think ISP with chap you
Point 5,6,7) Purpose of DDOS is to eat your bandwidth, freezing incoming/outgoing traffic, paralysing the company network. So no amt of patching, V.Scanning will help
point 1 noted but it is not free & can be money intensive (to a certain extent). it depend quite a lot on the risk appetite of the organization as well.
point 4 is abt putting in controls, refining of processes. ppl who do pt 1 & 4 may not know hacking at all or only know surface hacking so based on yr previous post tht, security consultant muz be a gd hacker, probably tis 2 pt should be invalid from yr context.
Well Justinus…I was targeted once and one of my websites crashed horribly with the result that it gave me endless amounts of headaches.
Being attacked once was more than enough for me and that made me read up on the subject. Snort is actually a damn good product considering it’s open source. Of course, I’m also a web developer in a corporate environment and DDOS attacks are something we also worry about here. Of course, we have some pretty nifty software that prevents that kind of thing but I don’t think that Ranma can afford it :P. Also, I’m constantly doing load tests on all my applications to determine the breaking point so I can know what the hell could go wrong. Of course, when you are working with minimal resources, it’s all a toss in the air as far as DDOS is concerned.
It’s all about the ISP though…if the ISP is not doing anything actively to prevent DDOS attacks, get a new one! AO has progressed to the point where it would serve as a wonderful scalp to some up and coming new hacker that wants to prove that his cojones actually hang to the floor thereby automatically making him the head honcho.
well i managed to talk to another host and we are working on providing more protection
the site should be protected by next week 🙂
I do believe that our mysterious Blueberry is that perverted wubber…
Really?… i could be a split personality of her…
I don’t really care whether it’s a split personality or MPD. This kind of thing is considered as different persons anyway.
By the way, Ranma…are you interested in this?
Hi Ranma. 🙂 (I don’t know how to reach you other than through here … if I *can* reach you through here). AO isn’t working for me… so I was just wondering if there is anything I can do to help. I hope you’re well.
Ao isn’t working for me as well…I keep on getting 504 errors which mean that the server is not responding to my request to connect to AO.
Hope this is not another big problem Ranma and hope it gets resolved soon.
Yo RJ :kkk:
yo blaen KKK … yo RJ KKK
ya ao having problem quite awhile… maybe we can somehow change the website addresses? like not using ao.com to using another name or change ip address?
i guess still under attack? that guy or gal very persistent…making the rest of us miserable… he or she should be punished or will be punished…
Good to see you as well! Missed you too :kkk:
As for our persistent little hacker…there is nothing we can do except try to help ranma to overcome the storm so that he doesn’t lose heart and say to hell with everything. I’m sure he must be getting very frustrated!
Anyways, to all of you….I’m on googletalk so you are welcome to chat with me….
Is Boss on google talk also?
According to American laws, DDOS abusers can be fined and put into jail for several years. There’s already an example a few months ago. This, however, can happen only when Ranma can track down who it is.
About your second post, no, Ranma is never on Google Talk.
well ao is still under attack .. but it will be back when the attack stops
I’m always available on skype
the host is collecting logs and tracking the attackers to start a legal action against them
Ranma, can you tell me what your Skype username is? If you want to keep it private, e-mail me at [email protected].
Justinus…that’s very interesting…How successful have people been in tracking down people who initiate DDOS attacks?
Ranma…good to see you….I was worried about you. Unfortunately…I can’t talk on skype so that’s a moot point! However, when AO is online again, I will send you some things. I want to add a new module to the vbulletin forum that will allow users to add and make their own questionnaires.
However, I’m not sure if the new release of vbulletin will have this functionality built into it. If it doesn’t I would like to make a go of it because I need something like this in OTC…
I’ll send you the specs when AO is online again or give me an email address where I can mail you.
Read this http://www.sophos.com/pressoffice/news/articles/2006/02/garrido.html
The 26-year-old Spanish hacker was sentenced to 2 years in jail and fined for 1.3 million Euros of damage. The attack affected 3 million Spanish Internet users.
Another example of DDoS doer being put into jail. Read http://www.sophos.com/pressoffice/news/articles/2006/05/anchetasentence.html
The 21-year-old American was sentenced to almost 5 years in jail and fined $15,000 for damage.
Thanx for the article justinus…
However, I would like to say that those articles highlighted hackers or incidents that were localised to the country of origin.
What happens when the perpetrator is a resident of a country which differs from where the crime took place? If I had to hack your computer all the way in australia, would and could you have me prosecuted all the way here in south africa?
There is no international collaboration between countries when it comes to internet countries.
did u forget to pay the bills?
what happen to ao?