Questions tagged [ddos]

A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.

For information on what to do about a DDoS attack that is underway, see How can I stop a currently active DDoS attack?

624 questions
4 votes, 2 answers

Can DDoS be stopped with BGP?

When I am experiencing DDoS @10Gbps, if I have a BGP router with 10M table entries in it, can I perform a search on the offensive network? I would do it this way: first I would remove routing to me for the first /8 and see if the DDoS will stop. And then…
Andrew Smith
4 votes, 4 answers

EC2 ELB and DOS attacks

I'm using Amazon's ELB to load balance between servers. When my site is under attack by bots, everything is exhausted. So here is the problem: I can't block IP addresses with Amazon's security groups, because they don't explicitly allow "deny", so…
user893730
4 votes, 2 answers

Is it possible to find the actual source IP of a packet with a spoofed IP header?

I recently came under a DDoS attack. It was a SYN flood using spoofed IPs. Is it at all possible to trace the attack back to the actual sending server?
Rob
4 votes, 2 answers

Hardening Apache authentication to block brute force attacks (e.g. delay)

Is there a way to configure Apache to slow down login after failed attempts? It looks like it is not the default setting as already discussed here. On the other side it seems to be possible also without adding it to own application logic, on plain…
Achim
4 votes, 6 answers

How to survive anonymous DDOS attack?

Every time the Anonymous group targets a website, they are able to take it down, even for large corporates / governments with professional. I read (basic theory) about dealing with normal DDOS attack, with DDOS protection techniques. But why do…
Yousf
4 votes, 1 answer

Block outgoing LOIC attacks in a network

I am admin of a small network. Users in our network have access to internet through a squid NAT server. Recently, we have detected that some users are using LOIC to attack servers on the internet. How can I detect and block such attacker…
Isaac
4 votes, 5 answers

My server was reported to hoster abuse to perform ddos attacks. What should I do?

I do not see anything suspicious on the server (no netstat connections to remote 80 port), but I'm not a professional server admin (I'm a hardcore software developer). Please do not write obvious comments (hire a professional person/company) - we'll…
Nikolay R
4 votes, 1 answer

Logging Timeout'd Request in Apache 2.X

I am migrating some applications from Apache 1.3 to 2.2. We used to run some tests where an attacker opens some HTTP connections to our server and does nothing. Apache 1.3 would log the following 408 code, for example: 126.1.86.85 - -…
Gant
3 votes, 1 answer

How to drop packets based on length?

Could someone help me make iptables drop all the packets with length 1006? Example: 18:33:18.964261 IP 74.209.87.132.3054 > 126.220.67.183.13806: UDP, length 1006
3 votes, 2 answers

How to mitigate backend stress generated from malicious traffic

I want to reduce, or mitigate the effects of, malicious layer 7 traffic (targeted attacks, generic evil automated crawling) which reaches my backend making it very slow and even unavailable. This regards load-based attacks as described in…
cherouvim
3 votes, 1 answer

NGINX for TCP DDOS Protection

I require a TCP reverse proxy to protect my server's IP. I need something like this which works fine https://xhosts.uk/ddosprotection or https://www.hostsavor.com/proxies I was wondering if I could use NGINX to achieve this, as NGINX is what I…
Richard
3 votes, 4 answers

Man in The Middle Attack, or something else?

I was wondering if someone could help me out with this problem. We have a web service that is available only through https:// port 443. Using netstat I see that there is a particular IP that tries to connect to the server. For example, all the other…
Nick_K
3 votes, 1 answer

DDOS-style requests from initially legitimate users of Firefox revision 52 (latest) -- extension causing it?

I wonder if anyone else has seen similar phenomena to what a site I help manage is experiencing. For the last two weeks or so, about 10-15 times a day we will get thousands to tens of thousands of requests from a single IP. These IPs are from all…
3 votes, 1 answer

DDOS mitigation of GCE

I am hoping to start a shared hosting service on Google Compute Engine. Does the Google infrastructure have any DDOS mitigation built-in? This article here says it does. "Compute Engine makes use of Google’s global network and load balancing…
user3528340
3 votes, 3 answers

better alternative for tcp_syncookies in linux

In an effort to prevent DDOS attacks I followed suggestions to leave the /proc/sys/net/ipv4/tcp_syncookies value set to 1 on my Linux box to enable TCP syncookies. However, when I look at this URL:…
user286228