DDoS Attacks
- Thread starter jtwhite
- Start date
Hello Jtwhite, I'll share some minor things you can do to prevent / help with DDoS Attacks.
1. SYN Floods. Alot of DDos attacks are SYN FLOODS.The best way to help with this type of attack is to limit the amount of connections a user can send at a time.
2. Smurf Attacks: A smurf attack is a ping attack the user conducting the attack will send a massive amount of ping traffic to the broadcast IP of the network, which in time will affect the network connection to the server making server replies slower.
3. LAND Attacks: A LAND attack is when someone sniff's your IP / Server for open ports. Once they find a open a vulnerable port, once they find the port / service they start to flood it and it mirror images it self and the server can't figure out what is going on so it will crash.
4. Ping of death: Users will ping the server with a large ping and crash the server. This mainly open works on systems running NT.
5. Ping flooding: One of the easist ways to DDoS a server. Usually servers can handle these attacks very well. A ping attack is pretty much someone using a program that constantly refreshes it's connection to the server.(Kinda like you spamming refresh in your internet browser)
6. Teardrop attacks This attack involves packets sent by the attacker to the target with oversized payloads. This exploits a bug in the TCP/IP protocol stack, crashing the system. Only Windows 3.11, 95 and Linux prior to 2.0.32 were vulnerable to this kind of attack.
7. Other type of attacks involve application flooding, like IRC bot raw line which usually crash Windows boxes running mIRC or any other client. These attacks are based on a greater number of raw socket transactions than a computer can handle.
Alot of the people that DDos are new kids to the hacking / crashing scene and are using crappy DDoS tools that won't do much damage. Although you should always be prepared.
Best way to prepare yourself is to limit the amount of connections to the server per person.
Also, GoogleBot can make it seem as if your server is being DDoS'd. Alot of hosts will actually deny googlebot from using the image directories of the site.
As i said earlier it's usually just some kid messing around. If thats the case and your only seeing a DDos from one machine(IP) Null out that IP on your router and then report that IP to your ISP to block it up stream.
If it's coming from a country you can simply block all the ip's from that country using a good firewall.
Also ask your host to implement a DDOS mitigation device. Which im sure X10 already has a Cisco switch to help prevent DDoS attacks.
If you have any further questions feel free to ask.
Hope this helps.
1. SYN Floods. Alot of DDos attacks are SYN FLOODS.The best way to help with this type of attack is to limit the amount of connections a user can send at a time.
2. Smurf Attacks: A smurf attack is a ping attack the user conducting the attack will send a massive amount of ping traffic to the broadcast IP of the network, which in time will affect the network connection to the server making server replies slower.
3. LAND Attacks: A LAND attack is when someone sniff's your IP / Server for open ports. Once they find a open a vulnerable port, once they find the port / service they start to flood it and it mirror images it self and the server can't figure out what is going on so it will crash.
4. Ping of death: Users will ping the server with a large ping and crash the server. This mainly open works on systems running NT.
5. Ping flooding: One of the easist ways to DDoS a server. Usually servers can handle these attacks very well. A ping attack is pretty much someone using a program that constantly refreshes it's connection to the server.(Kinda like you spamming refresh in your internet browser)
6. Teardrop attacks This attack involves packets sent by the attacker to the target with oversized payloads. This exploits a bug in the TCP/IP protocol stack, crashing the system. Only Windows 3.11, 95 and Linux prior to 2.0.32 were vulnerable to this kind of attack.
7. Other type of attacks involve application flooding, like IRC bot raw line which usually crash Windows boxes running mIRC or any other client. These attacks are based on a greater number of raw socket transactions than a computer can handle.
Alot of the people that DDos are new kids to the hacking / crashing scene and are using crappy DDoS tools that won't do much damage. Although you should always be prepared.
Best way to prepare yourself is to limit the amount of connections to the server per person.
Also, GoogleBot can make it seem as if your server is being DDoS'd. Alot of hosts will actually deny googlebot from using the image directories of the site.
As i said earlier it's usually just some kid messing around. If thats the case and your only seeing a DDos from one machine(IP) Null out that IP on your router and then report that IP to your ISP to block it up stream.
If it's coming from a country you can simply block all the ip's from that country using a good firewall.
Also ask your host to implement a DDOS mitigation device. Which im sure X10 already has a Cisco switch to help prevent DDoS attacks.
If you have any further questions feel free to ask.
Hope this helps.
Last edited:
Wow that information was HOT, i mean smoking i had no idea there were so many versions of ping attacking someone. Jesus i hope that never happens to me, mind you i dont really have crap on my machine worth hacking into for.
thanks for that, i have def saved that for future information.
thanks for that, i have def saved that for future information.
- Messages
- 5,534
- Reaction score
- 43
- Points
- 48
I have nothing worth hacking on my vps, i get about 10-15 attempts per day to brute force my ssh password. I set up something called fail2ban to automatically change IPtables to deny anyone that gets more than 3 failed logins 
The Real Rebel
New Member
- Messages
- 336
- Reaction score
- 10
- Points
- 0
Nice, just make sure you have a good firewall on your vps, if you don't GET ONE NOW!!!!
- Messages
- 2,293
- Reaction score
- 50
- Points
- 48
also you can change the port ssh runs on, that stops about 99.9999999999999999999999999999999% of brute force attacks.
open
/etc/ssh/sshd_config
change Port to something else
like 2345 or something
last reload your ssh
open
/etc/ssh/sshd_config
change Port to something else
like 2345 or something
last reload your ssh
The Real Rebel
New Member
- Messages
- 336
- Reaction score
- 10
- Points
- 0
TechAsh
Retired
- Messages
- 5,853
- Reaction score
- 7
- Points
- 38
Lucky, I get at least 100-200 on a good day, I have seen 5000-6000 but that's less common. I use SSHGuard, but that seems to keep crashing after a day or so...I have nothing worth hacking on my vps, i get about 10-15 attempts per day to brute force my ssh password. I set up something called fail2ban to automatically change IPtables to deny anyone that gets more than 3 failed logins
IonCannon218
New Member
- Messages
- 177
- Reaction score
- 2
- Points
- 0
I have nothing really worth hacking for on my VPS.
I do have fail2ban and just changed the SSH port to an non standard port.
I do have fail2ban and just changed the SSH port to an non standard port.
- Messages
- 1,381
- Reaction score
- 30
- Points
- 0
I have nothing worth hacking on my vps, i get about 10-15 attempts per day to brute force my ssh password. I set up something called fail2ban to automatically change IPtables to deny anyone that gets more than 3 failed logins
How do you know about these attempts? Is there a log I could check?
- Messages
- 1,381
- Reaction score
- 30
- Points
- 0