~Toughbooktalk~ Rob - 630-300-8877

The largest Toughbook discussion site on the net!

All times are UTC-06:00




 Post subject: DDOS attack!
PostPosted: Thu Aug 17, 2017 10:32 pm 
Toughbooktalk Founder

Joined: Mon Mar 16, 2009 8:23 pm
Posts: 3579
Most people won't see this but if you do I am working on a series of DDOS attacks that is bringing the 1GB fiber line to a halt. They are attacking the gateway which is affecting the firewall(s) behind it!

More to come later.

So done with this game.

Thanks!

_________________
~Rob - Rugged Depot ~ Cell: (630)/300-8877~

~Fully rugged Toughbook user since April 18th 2005~
~New 3/16/18 - CF-54F0001KM Win10, Intel Core i5 6300U 2.4GHz, 240GB SSD, 12GB, Verizon 4G LTE, Intel 8260 WiFi a/b/g/n/ac, Bluetooth~
~For the wife (New 1/25/18): CF-54F0962KM/i5/128GB SSD/8GB/Win 10~
~Others: CF-52MLBBQ2M (Home Workstation)
~New 11/13/14 Donations thanks to everyone at Toughbooktalk: IBM xSeries 3650/2 x Xeon X5560 2.8GHz/16GB RAM/8 x 600GB 10KRPM SAS RAID 5/3.71TB Space/Win 2008 R2/3000VA + 1250VA Battery Backup~
~AT&T 1GB Fiber 1GB/1GB business static line~
~Gamber & Johnson Diamond Partner~

http://www.toughbooktalk.com
http://www.toughbooktalk.com/public_downloads
http://www.toughwiki.com
http://www.robsnetworks.com
http://www.giganethosting.com


 Post subject: Re: DDOS attack!
PostPosted: Fri Aug 18, 2017 9:06 am 

Joined: Fri Jan 18, 2013 11:35 am
Posts: 2969
Keep pluggin on...

_________________
Life will beat you into submission.


 Post subject: Re: DDOS attack!
PostPosted: Sat Aug 19, 2017 12:54 pm 

Joined: Fri Dec 10, 2010 9:38 pm
Posts: 59
Rob,
Thanks for all the hard work you put in on this. It is much appreciated!

In a few more years you can get your little ones to help out...a virtual version of "taking out the trash for Dad".

Brian

_________________
CF-31XFLAXLM -- CF-31SBLEC1M -- CF-31JBEGA1M
CF-30KCPAQ2B -- CF-30CCR02BM
CF-19CJBLXBM -- CF-29NTWGZBM
MEMBER: Notebook Review
http://www.thessdreview.com


 Post subject: Re: DDOS attack!
PostPosted: Sat Aug 19, 2017 4:02 pm 
Toughbooktalk Founder

Joined: Mon Mar 16, 2009 8:23 pm
Posts: 3579
Update:

The fiber box crashed this morning from another DDOS attack. I have enabled the 30 day free trial of the IDP which should stop this. If we need it, it's $130 for 2 years so thankfully it's cheap! :)

This should also help with the viruses and PHP injection! Only time will tell though!

Thanks!

 Post subject: Re: DDOS attack!
PostPosted: Sat Aug 19, 2017 5:42 pm 

Joined: Fri Jan 18, 2013 11:35 am
Posts: 2969
what is IDP?
Link?

 Post subject: Re: DDOS attack!
PostPosted: Sat Aug 19, 2017 11:13 pm 
Toughbooktalk Founder

Joined: Mon Mar 16, 2009 8:23 pm
Posts: 3579
https://www.zyxel.com/products_services ... n/benefits

I ordered a backup fiber gateway too because I'm pretty sure they broke the one with the hammering of it... I had to manually power cycle it TWICE today.

We shall see! :(

 Post subject: Re: DDOS attack!
PostPosted: Sun Aug 20, 2017 3:03 am 

Joined: Fri Jan 18, 2013 11:35 am
Posts: 2969
looks good..

ftp://ftp2.zyxel.com/LIC-IDP/datasheet/LIC-IDP_1.pdf

 Post subject: Re: DDOS attack!
PostPosted: Sun Aug 20, 2017 5:05 am 

Joined: Tue Oct 13, 2015 3:19 am
Posts: 193
Location: Old Europe
This thread seems to tell four different stories, so far.
Rob wrote:
... 1) bringing the 1GB fiber line to a halt.
... 2) They are attacking the gateway which is affecting the firewall(s) 3) behind it!
... 4) I have enabled the 30 day free trial of the IDP which should stop this.

I'm doing network stuff for a living and I just can't wrap my head around how any of the 4 scenarios could possibly benefit from an idps:
how would installing an idps on the firewall lessen the stress on the fiber / gateway in front of it?
how would enabling an idps (network virus scanner) not reduce throughput?

==> what exactly is the problem you're trying to solve?
what's the bottleneck (bandwidth,cpu,disk,mem) on which host / link?


 Post subject: Re: DDOS attack!
PostPosted: Sun Aug 20, 2017 8:53 pm 
Toughbooktalk Founder

Joined: Mon Mar 16, 2009 8:23 pm
Posts: 3579
Karl,

It won't help the gateway! I'd have to get something to put in front of it.

 Post subject: Re: DDOS attack!
PostPosted: Mon Aug 21, 2017 12:24 am 

Joined: Tue Oct 13, 2015 3:19 am
Posts: 193
Location: Old Europe
the bottleneck question remains unanswered.

just to give it one more try:
do you do dynamic routing as in ospf/bgp?
if yes: why not propagate a blackhole route for the offending source ips to your upstream isp and let them deal with it?
(remember to flush offenders list after some time, otherwise you might make it way worse)

if your isp won't allow you to talk bgp/ospf:
why not rent 1 or 2 cheap vservers w unlimited traffic (cheaper than idps licensing), setup (open)vpn between local firewall and vservers; setup dns round-robin TBT to vservers, get a new fiber public ip (unknown to bad boys) and do the null routing via (open)vpn client routes pushed to vservers? https://www.leaseweb.com/en is a good netherlands-based isp for such things. 5eur/month vservers, 50eur/month cdn. cheaper offers will most likely also exist someplace else.

better answers will also most likely exist ... once the actual problem / bottleneck has been identified and communicated.
(a network topology map would probably also help, big time)
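
An added example, not part of the original post or any tooling used on this site: the offender list with expiry described above, modelled in Python so that it emits Linux iproute2 null-route commands and withdraws them when entries age out. The threshold, TTL, protected range and sample traffic are constructed assumptions; announcing the routes to an upstream ISP over BGP is not shown.

```python
import ipaddress

# Hypothetical policy values for this sketch (not from the thread).
THRESHOLD_PPS = 5000   # packets/second from one source before it is null-routed
TTL_SECONDS = 3600     # lifetime of an entry before it is flushed


class BlackholeList:
    """Tracks null-routed sources and when each entry expires."""

    def __init__(self, ttl=TTL_SECONDS, protected=()):
        self.ttl = ttl
        # Ranges that must never be blackholed (own networks, upstream, resolvers).
        self.protected = [ipaddress.ip_network(n) for n in protected]
        self.entries = {}  # ip_address -> expiry timestamp (seconds)

    def observe(self, src, pps, now):
        """Return the route command to issue for this sample, or None."""
        ip = ipaddress.ip_address(src)
        if pps < THRESHOLD_PPS or any(ip in net for net in self.protected):
            return None
        is_new = ip not in self.entries
        self.entries[ip] = now + self.ttl  # still offending: extend the expiry
        return f"ip route add blackhole {ip}/{ip.max_prefixlen}" if is_new else None

    def flush(self, now):
        """Drop expired entries; return the commands that withdraw their routes."""
        expired = sorted((ip for ip, exp in self.entries.items() if exp <= now), key=str)
        for ip in expired:
            del self.entries[ip]
        return [f"ip route del blackhole {ip}/{ip.max_prefixlen}" for ip in expired]


# Constructed samples (timestamp, source, packets/second); documentation ranges only.
SAMPLES = [
    (0, "198.51.100.7", 42000),
    (10, "203.0.113.20", 120),      # below threshold: ignored
    (20, "192.0.2.1", 90000),       # protected range: never blackholed
    (1800, "198.51.100.7", 38000),  # repeat offender: expiry moves to 5400
    (1900, "203.0.113.99", 7000),
]


def replay(samples, flush_at):
    """Feed samples in order, then flush; returns (adds, withdrawals, still_listed)."""
    bl = BlackholeList(protected=["192.0.2.0/24"])
    adds = [c for t, src, pps in samples if (c := bl.observe(src, pps, t))]
    return adds, bl.flush(flush_at), sorted(str(ip) for ip in bl.entries)
```

The protected list matters because flood sources are often spoofed: without it, a forged packet stream could get a resolver or the upstream next hop null-routed.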

