On Thursday 20 Mar 2003 12:49, Webadmin wrote:> We''ve been getting some DDOS attack recently, due to this I was just > wondering if we use some network traffic control techniques in order to > reduce the risk of having the DDOS attack?? is this possible after all?? > can we use the traffic control techniques in order to redu reduce the DDOS > attack???I don''t think you can reduce the "risk" of being under attack. What sort of an attack are you under? Ping/ICMP flood? Or just a lot of robots killing your web server with seemingly valid requests? If you are having your bandwidth between your router and your ISPs all used up by the attack, then you may be out of luck, as congestion and dropping will most likely occur before any valid traffic gets through to you. OTOH, if it is just your server load that is being affected, then yes, you could potentially do something about it, provided you have some bandwidth to spare. You could block or reduce the priority of the offending traffic. You could also analyze logs what hosts are consuming a large amount of resources, or analyze the headers they are sending, and try to separate valid traffic by that. Then, just drop all traffic to/from the offending hosts completely, or reduce their traffic to a minimum priority. You can do this using ipchains/iptables and setting fwmarks on packets to/from relevant machines, and then filtering on fwmarks. Ideally, you might be able to ask your ISP to filter out the offending traffic before it hits your local router, so it doesn''t consume your bandwidth, but that depends on what they are able/willing to do with their network setup to help you out... I think you will have to be a little more specific about the type of attack you are under for any more specific suggestions... Regards. Gordan _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi All; We''ve been getting some DDOS attack recently, due to this I was just wondering if we use some network traffic control techniques in order to reduce the risk of having the DDOS attack?? is this possible after all?? can we use the traffic control techniques in order to redu reduce the DDOS attack??? -- Best Regards WebAdmin, Salam2U.com \\\ ||| /// ( @ @ ) --oOOo-(_)-oOOo---------- _\=/_ (o o) --oOOo-(_)-oOOo------ ______________________ Revolution does not require corporate support That, as we enjoy great advantages from the inventions of others, we should be glad of an opportunity to serve others by any invention of ours; and this we should do freely and generously. -- Benjamin Franklin _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Webadmin wrote:>Hi All; >We''ve been getting some DDOS attack recently, due to this I was just wondering >if we use some network traffic control techniques in order to reduce the risk >of having the DDOS attack?? is this possible after all?? can we use the >traffic control techniques in order to redu reduce the DDOS attack??? > > >Hi, There ars some work in progress on this subject. I''m currently working on this kind of solution (I have to implement and test a new solution proposed by my boss). Some related work is already available, you can read the following for further information: (Note that the traffic limitation part is not really currently addressed). CITRA/IDIP D. Sterne, K. Djahandari, B. Wilson, B. Babson, D. Schnackenberg, H. Holliday, and T. Reid. (2001, September 27). "Autonomic Response to Distributed Denial of Service Attacks", in Proceedings of Recent Advances in Intrusion Detection, 4th International Symposium, pp 134-139. Davis, California, USA. [Online]. Available: http://link.springer.de/link/service/series/0558/bibs/2212/22120134.htm D. Schnackenberg, H. Holliday, R. Smith, K. Djahandari, and D. Sterne. (2001, June). "Cooperative intrusion Traceback and Response Architecture (CITRA)", in /Proceedings of the Second DARPA Information Survivability Conference and Exposition (DISCEX II). /Anheim, California, USA. D. Schnackenberg, K. Djahandari, and D. Sterne. (2000, January). "Infrastructure for Intrusion Detection and Response", in /Proceedings of the DARPA Information Survivability Conference and Exposition/. Hilton Head, South Carolina, USA. ACC/Pushback R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker. (2001, July 13). "Controlling High Bandwidth Aggregates in the Network (Extended Version)". Draft paper pushback-Jul01.ps, work in progress. AT&T Center for Internet Research at ICSI (ACIRI) and AT&T Labs Research. [Online]. Available: http://www.icir.org/pushback. S. Floyd, S. Bellovin, J. Ioannidis, K. Kompella, R. Mahajan, and V. Paxson. (2001, July). "Pushback Messages for Controlling Aggregates in the Network". Internet-Draft draft-floyd-pushback-messages-00.txt, work in progress. [Online]. Available: http://www.icir.org/pushback, http://www.icir.org/floyd/papers.html Bye, Emmanuel _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
You''ll need to identify the sources/ protocols etc and rate limit them. E.g. Ping of Death is avoided by either dropping icmp-echo-request or rate limiting them to 5 per second. Need to use iptables for that. Mohan -----Original Message----- From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of Webadmin Sent: Thursday, March 20, 2003 6:20 PM To: lartc@mailman.ds9a.nl Subject: [LARTC] Need help please Hi All; We''ve been getting some DDOS attack recently, due to this I was just wondering if we use some network traffic control techniques in order to reduce the risk of having the DDOS attack?? is this possible after all?? can we use the traffic control techniques in order to redu reduce the DDOS attack??? -- Best Regards WebAdmin, Salam2U.com \\\ ||| /// ( @ @ ) --oOOo-(_)-oOOo---------- _\=/_ (o o) --oOOo-(_)-oOOo------ ______________________ Revolution does not require corporate support That, as we enjoy great advantages from the inventions of others, we should be glad of an opportunity to serve others by any invention of ours; and this we should do freely and generously. -- Benjamin Franklin _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/