PDA

View Full Version : Attack Mitigation


The Prohacker
21 Mar 2006, 22:14
One of the more common problems I'm sure we all face is denial of service attacks. A few of our communities face fairly regular attacks while others have never. What methods are you using to mitigate the attack?

Our own experience:
We have had to deploy a two tier method. Our hosting provider offers a mitigation service which has done very well in the past, but several of the script kiddies have found ways around it. We also have a custom script that monitors connections to the servers and reports the top 'talkers' to a database. A script watches that database for a huge spike in connections and when x threshold is reached, it is shunned at our firewall.

Overall I would love a more out of the box method, but nothing has seemed to be the magic bullet yet.

Erwin
22 Mar 2006, 05:08
Some software firewalls like apf have anti-dos features.

Paul M
27 Mar 2006, 13:58
At the end of the day, if someone is determined to ddos/flood your site with traffic, there is little you can do.

The Prohacker
27 Mar 2006, 19:38
At the end of the day, if someone is determined to ddos/flood your site with traffic, there is little you can do.


Not completely true. There is a lot you can do; it's just a mater of what length you are willing to go. We had a huge problem with a script kiddie attacking our second largest forum. Eventually we learned his method of attack and were able to block it. We also learned personal information about him and were able to pursue legal actions.

There are several mitigation systems produced by Cisco, TippingPoint, etc.

Erwin
27 Mar 2006, 23:36
A lot of DCs now have hardware anti-dos systems like you listed provided.

SZ|TalonKarrde
01 Apr 2006, 21:03
gigeservers has http://www.ddosprotection.com/ - Which, while I have no personal experience with, is supposed to be rather good. All it takes is pointing your DNS at them, and you're good to go. I figure that if it's anything like their inhouse ProxyShield system, it might be rather pricy.

I'm not sure how redundant this would be if your datacenter already has good dos protection, but if they're still getting through, it might be worth talking with the ddosprotection people.

Robert Basil
10 Apr 2006, 08:58
gigeservers has http://www.ddosprotection.com/ - Which, while I have no personal experience with, is supposed to be rather good. All it takes is pointing your DNS at them, and you're good to go.

I've looked at their system and it does nothing to protect you if the attacker is accessing your server via your IP address and not your domain name.