This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

urgent help needed: need to find out the throtle during a ddos attack.

Hello everybody,

I've been under DDOS attack the past few days... i've done lots of things, and the IDC is helping us by disabling the IP on the border when the bandwith reachs the threshold... and to turn the downtime around i assigned several different public ips and rotate them... it's working fine...

the problem i'm having now is: when i receive an attack, astaro detects the attacks, and all my network loses packets until the border disables the IP.

Now I'm struggling to find out what the bottleneck is..

any clue?

Also im trying to figure out a way to disable the IP in case of attack, it would cease the attack imediately without compromising the whole structure..

thanks

This thread was automatically locked due to age.

Parents

0 BarryG over 11 years ago

Looks like an NTP reflection attack btw, but the target port is DNS.

Make sure you don't have DNS open on your WAN port.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 11 years ago

Looks like an NTP reflection attack btw, but the target port is DNS.

Make sure you don't have DNS open on your WAN port.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 howit over 11 years ago in reply to BarryG

1gbps bandwidth,

usually they use more ips to the attack, i got a bad part of the log.

My dns server is in another site, and these ports are not even open...

as far as I research NTP + DNS is the new bomb about ddoses...

I thought the problem might be the network card that couldnt handle so many things, so i temporarily set a second astaro gateway and put just the attacked server alone in there... haven't got any new attack yet.
Cancel
Vote Up 0 Vote Down

Cancel