I help run a server, but recently we have found ourselves to be the target of DDoS attacks. The server machine is secure, so we aren't worried about losing access. However, the bandwidth is being ruined by the attackers, making the game frustrating to play.
What do we know about the attack methods? Is there a way to prevent the attacks from consuming our bandwidth? Do we know who the attackers are and why they are doing this?
I would rather not say, for the sake of not giving the attacker the gratification of knowing how effective his attacks were. If he knows which one he was successful at hindering, he may never stop, instead of the intermittent attacks it seems like he has done so far.
As Cannon said, work together with your bandwidth provider, or ISP. You pay for their services, so I'm sure they have some information that can help you, and going to the police with the information in hand may start an investigation.
They are using some sort of IP or MAC spoofing program, so we have no way to determine who is doing this. If we can't record the correct IP of the attacker, I doubt the police would be able to do anything to help us. Our datacenter isn't being very helpful, either. They gave us a tool called IISIP (http://www.hdgreetings.com/other/Block-IP-IIS/) which seemed like a band-aid fix, at best. It blocked the IP of the attacker, but he changed his IP quickly enough that it didn't matter.
We are thinking a high-quality firewall program would resolve the situation due to the type of attacks used. Unfortunately, we cannot install one on the datacenter computer without losing access to it. The firewall would block remote desktop programs as soon as it is installed. The datacenter charges for software firewalls, so I would imagine they would not assist us, or just uninstall it if we locked ourselves out by installing one of our own firewall programs.
The decision has been made: we are moving our server back to residential bandwidth. The attacks are not using enough bandwidth to choke up anything faster than dialup internet. They are only exploiting a vulnerability in Windows Server 2003 or NIC drivers/hardware. It will be easier to maintain a server if we have physical access, plus cheaper per month if we pay for residential bandwidth.
You need to get a better-grade host if they can't help you with standard InfoSec measures.
As stated by Cannon: Contact him with details, and he can advise you. Just click on his name to the left of his post in this thread, and send him a forum PM.