vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Big Board Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=172)
-   -   Attack Mitigation (https://vborg.vbsupport.ru/showthread.php?t=111021)

The Prohacker 03-21-2006 08:14 PM
Attack Mitigation
 
One of the more common problems I'm sure we all face is denial of service attacks. A few of our communities face fairly regular attacks while others have never. What methods are you using to mitigate the attack?

Our own experience:
We have had to deploy a two tier method. Our hosting provider offers a mitigation service which has done very well in the past, but several of the script kiddies have found ways around it. We also have a custom script that monitors connections to the servers and reports the top 'talkers' to a database. A script watches that database for a huge spike in connections and when x threshold is reached, it is shunned at our firewall.

Overall I would love a more out of the box method, but nothing has seemed to be the magic bullet yet.

Erwin 03-22-2006 03:08 AM
Some software firewalls like apf have anti-dos features.

Paul M 03-27-2006 11:58 AM
At the end of the day, if someone is determined to ddos/flood your site with traffic, there is little you can do.

The Prohacker 03-27-2006 05:38 PM
Quote:
Originally Posted by Paul M
At the end of the day, if someone is determined to ddos/flood your site with traffic, there is little you can do.

Not completely true. There is a lot you can do; it's just a mater of what length you are willing to go. We had a huge problem with a script kiddie attacking our second largest forum. Eventually we learned his method of attack and were able to block it. We also learned personal information about him and were able to pursue legal actions.

There are several mitigation systems produced by Cisco, TippingPoint, etc.

Erwin 03-27-2006 09:36 PM
A lot of DCs now have hardware anti-dos systems like you listed provided.

SZ|TalonKarrde 04-01-2006 07:03 PM
gigeservers has http://www.ddosprotection.com/ - Which, while I have no personal experience with, is supposed to be rather good. All it takes is pointing your DNS at them, and you're good to go. I figure that if it's anything like their inhouse ProxyShield system, it might be rather pricy.

I'm not sure how redundant this would be if your datacenter already has good dos protection, but if they're still getting through, it might be worth talking with the ddosprotection people.

Robert Basil 04-10-2006 06:58 AM
Quote:
Originally Posted by SZ|TalonKarrde
gigeservers has http://www.ddosprotection.com/ - Which, while I have no personal experience with, is supposed to be rather good. All it takes is pointing your DNS at them, and you're good to go.
I've looked at their system and it does nothing to protect you if the attacker is accessing your server via your IP address and not your domain name.


All times are GMT. The time now is 02:07 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01249 seconds
  • Memory Usage 1,725KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (7)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete