This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

urgent help needed: need to find out the throtle during a ddos attack.

Hello everybody,

I've been under DDOS attack the past few days... i've done lots of things, and the IDC is helping us by disabling the IP on the border when the bandwith reachs the threshold... and to turn the downtime around i assigned several different public ips and rotate them... it's working fine...

the problem i'm having now is: when i receive an attack, astaro detects the attacks, and all my network loses packets until the border disables the IP.

Now I'm struggling to find out what the bottleneck is..

any clue?

Also im trying to figure out a way to disable the IP in case of attack, it would cease the attack imediately without compromising the whole structure..

thanks

This thread was automatically locked due to age.

Parents

0 Scott_Klassen over 11 years ago

Now I'm struggling to find out what the bottleneck is
Most likely hardware that the UTM is running on or line saturation. When dealing with a DDoS attack, the UTM (or any perimeter security device) can use up all available CPU and MEM blocking a huge volume of attack packets, leaving little left over to process valid packets. Are you seeing high resource utilization when the attacks occur? Blocking upstream is the best mitigation technique.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Scott_Klassen over 11 years ago

Now I'm struggling to find out what the bottleneck is
Most likely hardware that the UTM is running on or line saturation. When dealing with a DDoS attack, the UTM (or any perimeter security device) can use up all available CPU and MEM blocking a huge volume of attack packets, leaving little left over to process valid packets. Are you seeing high resource utilization when the attacks occur? Blocking upstream is the best mitigation technique.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data