Login

jraake · 12-01-2009, 10:50 PM,

I help run a server, but recently we have found ourselves to be the target of DDOS attacks. The server machine is secure, so we aren't worried about losing access. However, the bandwidth is being ruined by the attackers, making the game frustrating to play.

What do we know about the attack methods? Is there a way to prevent the attacks from consuming our bandwidth? Do we know who the attackers are and why they are doing this?

Errant.Venture · 12-02-2009, 12:02 AM,

Talk to Cannon

|Historical Archives|

|Bio|Aerith|ZoE|

SGM| RP Revive Roll Call|***|SGM|Comm Channel

Aerith AI 2018 - SGM| Database

The reports of my trying to imitate the revered Michal Golanski are greatly exaggerated...my avatar should prove this.

[4:17:08 PM] Michał Golański: I knew you have some prehistoric backing to kick them in the nuts.

**Alex.** · 12-02-2009, 12:04 AM,

What server do you run?

jraake · 12-02-2009, 12:47 AM,

I would rather not say, for the sake of not giving the attacker the gratification of knowing how effective his attacks were. If he knows which one he was successful at hindering, he may never stop, instead of the intermittent attacks it seems like he has done so far.

Cannon · (This post was last modified: 12-02-2009, 12:54 AM by Cannon.)

PM me with information about your situation.

As to stopping that attacks, the best strategy is a good relationship with your data center and the police.

Proud member of "the most paranoid group of people in the community"

Old Avatar #2 | Old Avatar #3

Sly · 12-02-2009, 01:06 PM,

Tha hell, they are continuous. 'What to do' question is now difficult one to answer...

Fletcher · 12-02-2009, 01:31 PM,

As Cannon said, work together with your bandwidth provider, or ISP. You pay for their services, so I'm sure they have some information that can help you, and going to the police with the information in hand may start an investigation.

"Oh chuffing blimey, another day, another person being whiney!"
Fletcher's Feedback and Stories Thread

jraake · 12-03-2009, 04:48 PM,

They are using some sort of IP or mac spoofing program, so we have no way to determine who is doing this. If we can't record the correct IP of the attacker, I doubt the police would be able to do anything to help us. Our datacenter isn't being very helpful, either. They gave us a tool called IISIP (http://www.hdgreetings.com/other/Block-IP-IIS/) which seemed like a band-aid fix, at best. It blocked the IP of the attacker, but he changed his IP quick enough that it didn't matter.

We are thinking a high-quality firewall program would resolve the situation due to the type of attacks used. Unfortunately, we can not install one on the datacenter computer without losing access to it. The firewall would block remote desktop programs as soon as it is installed. The datacenter charges for software firewalls, so I would imagine they would not assist us, or just uninstall it if we locked ourselves out by installing one of our own firewall programs.

The decision has been made: we are moving our server back to residential bandwidth. The attacks are not using enough bandwidth to choke up anything faster than dialup internet. They are only exploiting a vulnerability in Windows Server 2003 or NIC drivers/hardware. It will be easier to maintain a server if we have physical access, plus cheaper per month if we pay for residential bandwidth.

ArmsAndLegs Guy · 12-03-2009, 05:15 PM,

You need to get a better grade host, if they can't help you with standard InfoSec measures.
As stated by cannon: Contact him with details, and he can advise you. Just click on his name to the left of his post in this thread, and send him a forum PM.

A & L Guy.

Here to serve® You!!!

[Image: hoodiecry.png]

Login
Username:
Password:	Lost Password?
	Remember me