Dealing with DDoS attacks

Status
Not open for further replies.

Shockt

New member
Mar 12, 2007
I've got some jackass that has some personal vendetta against me. The last day and a half, he has been DDoSing my server to the point where my host disabled the IP address until he stops. The thing is, I don't think he'll stop trying to bring my sites down. Is there anything I can do to move my domains elsewhere and prevent this sort of thing from happening again?
 


Moving your domains for a while will certainly help, but nobody gives guarantees against DDoS attacks, I think.
 
You can maybe ask your host to set up a honeypot... Or block the IPs he's DDoSing from, then hope he doesn't have more than one botnet.
 
Well, here's a question - what type of DDoS? If it's a SYN flood, disable SYN incoming and/or throttle it using IPTables - this will at least slow it down, but not stop it.

The way it works is it requests a SYN

You reply with an ACK SYN

(it sends 1, you send 2 - therefore creating the overflow/flood)

I think that's right, I'm a little rusty on my DDoS's - but if you throttle for 1 response per IP, per... let's say... hour, this should throttle the bandwidth down to half. Then they can block it via their firewalls

Just a suggestion, this is what I did when I ran a hosting company (and helped with VPS's, etc)
 
(it sends 1, you send 2 - therefore creating the overflow/flood)

This is incorrect. There are three phases to the TCP handshake.

1. Computer connects to you with the SYN bit set in the TCP header
2. Your computer responds with both the SYN and ACK bits set in the TCP header
3. Computer sends the last phase with the ACK bit set in the TCP header

All further communications within the TCP session are performed with just the ACK bit set.

Throttling one response per IP per hour will effectively break your site for many, many people.

Although you are completely correct, the method of combating a DoS attack will depend on the method being used.

To the OP, your best bet is to make sure your provider is blocking the attack and that you're not getting charged for the bandwidth. Then wait it out.
 
Is this a shared hosting account or a dedicated server?

There's only so much you can do to limit a DDoS. If it's flooding your port, you can't really stop it at the server level, but the majority of attacks nowadays will be service-level attacks (i.e. against the web server), and how you deal with it is going to depend on the exact nature of the attack.

If it's just a few hundred or a few thousand IPs, you can filter them in no time at all. If it's a larger base and it's low-bandwidth SYN, you could use a tarpit to limit it.

-Scott
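
An added example, not part of any post in this thread: a quick triage for the two questions the replies raise (is it a SYN flood, and how many source IPs are behind it?), done by counting half-open connections per peer. It assumes input in the column layout of `ss -tan`; the sample lines are constructed with documentation addresses, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the layout of `ss -tan` output:
# State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port.
sample_ss() {
cat <<'EOF'
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN    0      128    0.0.0.0:80         0.0.0.0:*
SYN-RECV  0      0      192.0.2.10:80      198.51.100.7:40112
SYN-RECV  0      0      192.0.2.10:80      198.51.100.7:40113
SYN-RECV  0      0      192.0.2.10:80      198.51.100.7:40114
SYN-RECV  0      0      192.0.2.10:80      198.51.100.7:40115
SYN-RECV  0      0      192.0.2.10:80      203.0.113.9:51000
SYN-RECV  0      0      192.0.2.10:80      203.0.113.9:51001
SYN-RECV  0      0      192.0.2.10:80      203.0.113.9:51002
SYN-RECV  0      0      192.0.2.10:80      203.0.113.50:33010
ESTAB     0      0      192.0.2.10:80      198.51.100.20:60522
EOF
}

# Read ss-style lines on stdin and print "count ip" for every peer that
# has connections stuck in SYN-RECV (SYN received, final ACK never came),
# busiest peer first.
half_open_by_source() {
  awk '$1 == "SYN-RECV" {
         ip = $5
         sub(/:[0-9]+$/, "", ip)   # strip the peer port
         n[ip]++
       }
       END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Print only the peers with at least $1 half-open connections: the
# candidates for a source filter when the list is short enough to manage.
heavy_sources() {
  half_open_by_source | awk -v t="$1" '$1 >= t { print $2 }'
}

# Stand-alone run on the constructed sample; on a live host the input
# would be `ss -tan` instead of sample_ss.
sample_ss | half_open_by_source
```

A short list dominated by a few peers points to the "filter them" case from the last reply; thousands of peers with one or two half-open connections each is the case where per-source filtering stops being practical.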
 