Hi All;
We've been getting some DDOS attack recently, due to this I was just wondering
if we use some network traffic control techniques in order to reduce the risk
of having the DDOS attack?? is this possible after all?? can we use the
traffic control techniques in order to reduce the DDOS attack???
--
Best Regards
WebAdmin, Salam2U.com
\\\ ||| ///
( @ @ )
--oOOo-(_)-oOOo----------
_\=/_
(o o)
--oOOo-(_)-oOOo------
______________________
Revolution does not require corporate support
That, as we enjoy great advantages from the inventions of others, we should be
glad of an opportunity to serve others by any invention of ours; and this we
should do freely and generously.
-- Benjamin Franklin
On Thursday 20 Mar 2003 12:49, Webadmin wrote:
> We've been getting some DDOS attack recently, due to this I was just
> wondering if we use some network traffic control techniques in order to
> reduce the risk of having the DDOS attack?? is this possible after all??
> can we use the traffic control techniques in order to reduce the DDOS
> attack???

I don't think you can reduce the "risk" of being under attack.

What sort of an attack are you under? Ping/ICMP flood? Or just a lot of robots
killing your web server with seemingly valid requests?

If you are having your bandwidth between your router and your ISPs all used up
by the attack, then you may be out of luck, as congestion and dropping will
most likely occur before any valid traffic gets through to you.

OTOH, if it is just your server load that is being affected, then yes, you
could potentially do something about it, provided you have some bandwidth to
spare. You could block or reduce the priority of the offending traffic. You
could also analyze logs to see what hosts are consuming a large amount of
resources, or analyze the headers they are sending, and try to separate valid
traffic by that. Then, just drop all traffic to/from the offending hosts
completely, or reduce their traffic to a minimum priority. You can do this using
ipchains/iptables and setting fwmarks on packets to/from relevant machines,
and then filtering on fwmarks.

Ideally, you might be able to ask your ISP to filter out the offending traffic
before it hits your local router, so it doesn't consume your bandwidth, but
that depends on what they are able/willing to do with their network setup to
help you out...

I think you will have to be a little more specific about the type of attack
you are under for any more specific suggestions...

Regards.

Gordan
You'll need to identify the sources/protocols etc. and rate limit them. E.g.
Ping of Death is avoided by either dropping icmp-echo-request or rate limiting
them to 5 per second. Need to use iptables for that.

Mohan

-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of Webadmin
Sent: Thursday, March 20, 2003 6:20 PM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] Need help please

Hi All;
We've been getting some DDOS attack recently, due to this I was just wondering
if we use some network traffic control techniques in order to reduce the risk
of having the DDOS attack?? is this possible after all?? can we use the
traffic control techniques in order to reduce the DDOS attack???

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
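
The two replies above (log analysis plus fwmarks, and the 5-per-second echo-request limit) combined into one script, as an added example that is not code from either poster. Assumptions: the interface eth0, mark value 6, a 50-request threshold, an already configured classful qdisc 1: with a low-priority class 1:30, common-log-format input, and a constructed sample log using documentation-range addresses.

```shell
#!/bin/sh
# Added example: prints iptables/tc commands, executes none of them.
IFACE=eth0   # assumed interface carrying replies to clients
MARK=6       # assumed fwmark value for offending hosts
LIMIT=50     # assumed requests-per-log threshold
CLASS=1:30   # assumed existing low-priority class under qdisc 1:

# sample_log: write a constructed access log (documentation-range IPs)
# to a temp file and print its path.
sample_log() {
    f=$(mktemp)
    i=0
    while [ "$i" -lt 60 ]; do
        echo '203.0.113.5 - - [20/Mar/2003:12:00:00 +0000] "GET / HTTP/1.0" 200 512' >> "$f"
        i=$((i + 1))
    done
    echo '192.0.2.10 - - [20/Mar/2003:12:00:01 +0000] "GET / HTTP/1.0" 200 512' >> "$f"
    echo "$f"
}

# heavy_hosts LOGFILE LIMIT: client IPs (field 1) with more than LIMIT requests.
heavy_hosts() {
    awk -v limit="$2" '{ n[$1]++ } END { for (ip in n) if (n[ip] > limit) print ip }' "$1" | sort
}

# emit_rules LOGFILE: print the rule set for the hosts found in LOGFILE.
emit_rules() {
    # Rate limit from the second reply: 5 echo-requests per second, drop the rest.
    echo "iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT"
    echo "iptables -A INPUT -p icmp --icmp-type echo-request -j DROP"
    # fwmark approach from the first reply: mark replies going to heavy hosts...
    for ip in $(heavy_hosts "$1" "$LIMIT"); do
        echo "iptables -t mangle -A OUTPUT -d $ip -j MARK --set-mark $MARK"
    done
    # ...and let tc's fw classifier send marked packets to the low-priority class.
    echo "tc filter add dev $IFACE parent 1: protocol ip prio 1 handle $MARK fw flowid $CLASS"
}

log=$(sample_log)
emit_rules "$log"
rm -f "$log"
```

Marking happens in the mangle OUTPUT chain because tc shapes what the server sends, so this lowers the priority of replies to heavy hosts; it does nothing for an uplink that is already saturated by inbound traffic.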