Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > General > Big Board Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Attack Mitigation Details »»
Attack Mitigation
Version: , by The Prohacker The Prohacker is offline
Developer Last Online: Aug 2018 Show Printable Version Email this Page

Version: Unknown Rating:
Released: 03-21-2006 Last Update: Never Installs: 0
 
No support by the author.

One of the more common problems I'm sure we all face is denial of service attacks. A few of our communities face fairly regular attacks while others have never. What methods are you using to mitigate the attack?

Our own experience:
We have had to deploy a two tier method. Our hosting provider offers a mitigation service which has done very well in the past, but several of the script kiddies have found ways around it. We also have a custom script that monitors connections to the servers and reports the top 'talkers' to a database. A script watches that database for a huge spike in connections and when x threshold is reached, it is shunned at our firewall.

Overall I would love a more out of the box method, but nothing has seemed to be the magic bullet yet.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #2  
Old 03-22-2006, 03:08 AM
Erwin's Avatar
Erwin Erwin is offline
 
Join Date: Jan 2002
Posts: 7,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Some software firewalls like apf have anti-dos features.
Reply With Quote
  #3  
Old 03-27-2006, 11:58 AM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

At the end of the day, if someone is determined to ddos/flood your site with traffic, there is little you can do.
Reply With Quote
  #4  
Old 03-27-2006, 05:38 PM
The Prohacker's Avatar
The Prohacker The Prohacker is offline
 
Join Date: Oct 2001
Location: Dayton, Ohio
Posts: 55
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M
At the end of the day, if someone is determined to ddos/flood your site with traffic, there is little you can do.

Not completely true. There is a lot you can do; it's just a mater of what length you are willing to go. We had a huge problem with a script kiddie attacking our second largest forum. Eventually we learned his method of attack and were able to block it. We also learned personal information about him and were able to pursue legal actions.

There are several mitigation systems produced by Cisco, TippingPoint, etc.
Reply With Quote
  #5  
Old 03-27-2006, 09:36 PM
Erwin's Avatar
Erwin Erwin is offline
 
Join Date: Jan 2002
Posts: 7,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

A lot of DCs now have hardware anti-dos systems like you listed provided.
Reply With Quote
  #6  
Old 04-01-2006, 07:03 PM
SZ|TalonKarrde SZ|TalonKarrde is offline
 
Join Date: Jun 2002
Posts: 60
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

gigeservers has http://www.ddosprotection.com/ - Which, while I have no personal experience with, is supposed to be rather good. All it takes is pointing your DNS at them, and you're good to go. I figure that if it's anything like their inhouse ProxyShield system, it might be rather pricy.

I'm not sure how redundant this would be if your datacenter already has good dos protection, but if they're still getting through, it might be worth talking with the ddosprotection people.
Reply With Quote
  #7  
Old 04-10-2006, 06:58 AM
Robert Basil's Avatar
Robert Basil Robert Basil is offline
 
Join Date: Oct 2001
Location: Chandler, Arizona
Posts: 181
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by SZ|TalonKarrde
gigeservers has http://www.ddosprotection.com/ - Which, while I have no personal experience with, is supposed to be rather good. All it takes is pointing your DNS at them, and you're good to go.
I've looked at their system and it does nothing to protect you if the attacker is accessing your server via your IP address and not your domain name.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:04 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07219 seconds
  • Memory Usage 2,257KB
  • Queries Executed 20 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (7)post_thanks_box
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (7)post_thanks_postbit_info
  • (6)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete