RMG

Ok, my sites have been down for 17 hour now. Is there ANYTHING that can be done against this? Are large sites like hun, al4a, etc protected against these kind of attacks? or are they just as vunerable as everyone else?

hjnet

Take a look at this threat I guess they´ve found a solution.

Juge

Go to grc.com and read up about what they did. There's not much you can do, except contact your host and hope they know what they are doing.

extreme

Depends on what kind of attack that is launched against you. If the attackers does it right a DDOS attack is nearly impossible to stop.

Anyway, if the attack isn't using spoofing (the source ip of the attack is random/forged/faked) + you're running linux and got root you could just block the offending ip with the builtin linux firewall:

ipchains -A input -j DENY -p all -l -s 1.1.1.1/32 -d 0.0.0.0/0

Would stop all traffic from IP 1.1.1.1.

Another example:

ipchains -A input -j DENY -p all -l -s 1.1.1.1/24 -d 0.0.0.0/0

Would stop all traffic comming from 1.1.1.* (1.1.1.1 - 1.1.1.255)

This is usefull for totally blocking all traffic from a certain ip ... your box will seem totaly nonexistant to the blocked ip.

If you're getting attacked with a PINGflood from many diff IPs You can block it with (again, for linux roots):

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

(any fool with linuxroot could easily launch an pingattack with "ping -f <your ip>". Ping wont fake the sourceIP though so You can easily see where the attack is comming from).

If You're attacked with the classic synflood (eating CPU with halfopen TCP connections) enabling syncookies could help:

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

The good thing with the above methods is that they are fairly easy to take. The bad thing is that they will only stop the traffic Out from your box .. . the bandwdith the DOSattack eats going Into your Networkcard/Box cant be stopped this way. For that you have to contact your ISP and tell them a DDOS attack is going on... maybe they can filter the attack in their routers. So, always contact your uplink/isp.

Hope some of this helps..

RMG

seems there is nothing that can be done....I could essentially begin an attack on any site I please. They could try and stop it on a router level, but then there is always a back door.

RMG

Thats what I figured...so if I wanted to i could knock the biggest sites in the adult industry completely off the net and there is nothign that can be done. Talk about fucking power.

extreme

Ye.. mostly that's exactly what it is to the attacker too, a powertrip :/. DDoS is a big problem in todays internetinfrastructure, everybody is so vulnerable. the new generation of the Internet Protocol (IPv6) will address some of the problems with IPv4 (the IP version that's mostly used on internet today) but it will take a long time before IPv6 is more deployd/used then IPv4.

Its mostly just a matter of bandwidth though.. if the attacker can bring up more "bandwidthpower" then you can... he can make your site appear dead. And if he's a scriptkiddie masshacking with the newest remote root sploits found on packetstorm its very likely that he has just that...

Even if he has less bandwidth then you an attacker can use certain tricks like synflood etc, to kill your sites anyway. Read my previous post for possible protection against that.

good luck

RMG

fucking gay

DarkJedi

jesus, just don't fuck with the hackers an no one will be DDoS ing your ass

RMG

It wasn't me....one of the clients of my host who shares with me pissed someone off.

RMG

In any case, my site has been down for nearly 20 hours, time to move

DarkJedi

dude, i'm on the same host - its already up

RMG

hmmm I cant access any of my pages.

Btw...this mostly me just letting of steam.