DDOS attack!

Posted: Thu Aug 17, 2017 10:32 pm
by Rob
Most people won't see this but if you do I am working on a series of DDOS attacks that is bringing the 1GB fiber line to a halt. They are attacking the gateway which is affecting the firewall(s) behind it!

More to come later.

So done with this game.

Thanks!

Re: DDOS attack!

Posted: Fri Aug 18, 2017 9:06 am
by Shawn
Keep pluggin on...

Re: DDOS attack!

Posted: Sat Aug 19, 2017 12:54 pm
by kardan
Rob,
Thanks for all the hard work you put in on this. It is much appreciated!

In a few more years you can get your little ones to help out...a virtual version of "taking out the trash for Dad".

Brian

Re: DDOS attack!

Posted: Sat Aug 19, 2017 4:02 pm
by Rob
Update:

The fiber box crashed this morning from another DDOS attack. I have enabled the 30 day free trial of the IDP which should stop this. If we need it, it's $130 for 2 years so thankfully it's cheap! :)

This should also help with the viruses and PHP injection! Only time will tell though!

Thanks!

Re: DDOS attack!

Posted: Sat Aug 19, 2017 5:42 pm
by Shawn
what is IDP?
Link?

Re: DDOS attack!

Posted: Sat Aug 19, 2017 11:13 pm
by Rob
https://www.zyxel.com/products_services ... n/benefits

I ordered a backup fiber gateway too because I'm pretty sure they broke the one with the hammering of it... I had to manually power cycle it TWICE today.

We shall see! :(

Re: DDOS attack!

Posted: Sun Aug 20, 2017 3:03 am
by Shawn

Re: DDOS attack!

Posted: Sun Aug 20, 2017 5:05 am
by Karl Klammer
This thread seems to tell four different stories, so far.
Rob wrote:... 1) bringing the 1GB fiber line to a halt.
... 2) They are attacking the gateway which is affecting the firewall(s) 3) behind it!
... 4) I have enabled the 30 day free trial of the IDP which should stop this.
I'm doing network stuff for a living and I just can't wrap my head around how any of the 4 scenarios could possibly benefit from an idps:
how would installing an idps on the firewall lessen the stress on the fiber / gateway in front of it?
how would enabling an idps (network virus scanner) not reduce throughput?

==> what exactly is the problem you're trying to solve?
what's the bottleneck (bandwidth,cpu,disk,mem) on which host / link?

Re: DDOS attack!

Posted: Sun Aug 20, 2017 8:53 pm
by Rob
Karl,

It won't help the gateway! I'd have to get something to put in front of it.

Re: DDOS attack!

Posted: Mon Aug 21, 2017 12:24 am
by Karl Klammer
the bottleneck question remains unanswered.

just to give it one more try:
do you do dynamic routing as in ospf/bgp?
if yes: why not propagate a blackhole route for the offending source ips to your upstream isp and let them deal with it?
(remember to flush offenders list after some time, otherwise you might make it way worse)

if your isp won't allow you to talk bgp/ospf:
why not rent 1 or 2 cheap vservers w unlimited traffic (cheaper than idps licensing), set up (open)vpn between local firewall and vservers; set up dns round-robin TBT to vservers, get a new fiber public ip (unknown to bad boys) and do the null routing via (open)vpn client routes pushed to vservers? https://www.leaseweb.com/en is a good netherlands-based isp for such things. 5eur/month vservers, 50eur/month cdn. cheaper offers will most likely also exist someplace else.

better answers will also most likely exist ... once the actual problem / bottleneck has been identified and communicated.
(a network topology map would probably also help, big time)
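
The "flush offenders list after some time" caveat from the post above, as an added example (not code from any poster in this thread): a blackhole list in which every entry carries an expiry and protected ranges can never be listed. The class and function names, the one-hour TTL and the documentation-range addresses are constructed; it assumes a Linux router with iproute2, and passing the routes to an upstream over BGP/OSPF is not shown.

```python
import ipaddress
import time


class BlackholeList:
    """Offending source IPs, each with an expiry so stale entries get flushed."""

    def __init__(self, ttl_seconds, never_block=()):
        self.ttl = ttl_seconds
        # Ranges that must never be null-routed (own services, upstream, admins).
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.expires = {}  # ip address object -> expiry timestamp

    def add(self, ip, now=None):
        """Record an offender; returns False if the address is protected."""
        now = time.time() if now is None else now
        addr = ipaddress.ip_address(ip)
        if any(addr.version == net.version and addr in net for net in self.never_block):
            return False
        self.expires[addr] = now + self.ttl  # re-offending restarts the timer
        return True

    def flush_expired(self, now=None):
        """Remove entries past their TTL and return them for route withdrawal."""
        now = time.time() if now is None else now
        gone = [a for a, t in self.expires.items() if t <= now]
        for a in gone:
            del self.expires[a]
        return sorted(gone, key=lambda a: (a.version, int(a)))

    def route_commands(self, now=None):
        """Return (withdraw, active) iproute2 command lists for the current state."""
        withdraw = [f"ip route del blackhole {a}/{a.max_prefixlen}"
                    for a in self.flush_expired(now)]
        active = [f"ip route replace blackhole {a}/{a.max_prefixlen}"
                  for a in sorted(self.expires, key=lambda a: (a.version, int(a)))]
        return withdraw, active


def demo():
    # Constructed sample: two offenders and one address inside a protected range.
    bl = BlackholeList(ttl_seconds=3600, never_block=["198.51.100.0/24"])
    bl.add("203.0.113.7", now=0)
    bl.add("203.0.113.9", now=1800)
    bl.add("198.51.100.1", now=0)  # rejected, never listed
    return bl.route_commands(now=3600)  # one hour after the first entry


if __name__ == "__main__":
    print(demo())
```

Running the flush on a timer keeps the list bounded, so an address that has since been reassigned to a legitimate user is dropped after the TTL instead of staying null-routed.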