Follow us on Twitter!
Few are those who can see with their own eyes and hear with their own hearts. - Albert Einstein
Sunday, April 20, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 22
Members Online: 1

Registered Members: 82843
Newest Member: hx47
Latest Articles
View Thread

HellBound Hackers | Computer General | Increasing Security

Author

i installed new software that is supposed to stop ddos attacks


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-07-07 21:25
i installed this software and i would like to put it to the test so gimme all the flooding u got 4.226.222.104

ps. if u decide to get in my system dont do any harm (i just formatted. i dont wanna do it again)
Author

RE: i installed new software that is supposed to stop ddos attacks


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-07-07 21:45
well send a shit load my way 4.226.222.104
Author

RE: i installed new software that is supposed to stop ddos attacks


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-07-07 21:48
exidous wrote:
well send a shit load my way 4.226.222.104


Didn't you listen to Grind?

EDIT: This was meant to be posted before Grind's last post




Edited by on 24-07-07 21:49
Author

RE: i installed new software that is supposed to stop ddos attacks

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 24-07-07 21:57
you cant "stop" DDoS attacks, as grind said, but you can actually go ALONG way in making sure you system isnt effected greatly.

you can have a hardware firewall, software firewall both with strict IP Tables, theres also apache mods out there to aid in cutting out packets used in DDoS and also you can have an extremely fast server, or have multiple servers and share the load between them.

All those put together can make you virtually immune to DDoS attacks. 3/4 of the packets wont reach the server, then a further 1/4 of those will be filtered via apache mods and then the servers only got to deal with a very small amount of fraudulent requests.


http://www.hellboundhackers.org/
Author

RE: i installed new software that is supposed to stop ddos attacks

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 24-07-07 22:59
if you have a nice fast router, you can just start sending everything to /dev/null, that cuts down on it a LOT


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: i installed new software that is supposed to stop ddos attacks


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-07-07 23:39
Not to start an argument but what Cheese lists I would say is used to reduce the affects of a (D)Dos. I'll quote a section from Apache Security by Ivan Ristic (please buy this awesome book)
At first glance, you may want to block the attacker's IP address on your firewall but that will not help. The purpose of this type of attack is to saturate the Internet connection. By the time a packet reaches your router (or server), it has done its job.

Be prepared and have contact details of your upstream provider (or server hosting company) handy. Larger companies have many levels of support and quickly reaching someone knowledgeable may be difficult. Research telephone numbers in advance. If you can, get to know your administrators before you need their help.

Of course it makes it harder when they spoof the source of the IP packets. If this is the case then it's most likely a SYN flood and you can perhaps reduce the impact by enabling Linux's SYN cookies.
To turn them on enter the following
Code
# echo 1 > /proc/sys/net/ipv4/tcp_syncookies


If you still want to read more about this I suggest you look up tarpitting. Tarpitting is something I have yet to try myself because I'm still slowly getting to grips with iptables.

As Cheese said, yes. There is an Apache mod to temporarily ban IPs that are hammering the server. This mod is called mod_evasive. It's no longer maintained and the latest version only works with Apache 2.0.x, not 2.2.x. However if you know C it's trivial to change this to work with Apache 2.2.x, I did this and I don't even know C. I have done just a single test of the mod and it didn't help much in terms of CPU, RAM and bandwidth usage, but it's very possible that I didn't do a fair or adequate test. I don't have the test details any more.

Apache Seucity by Ivan Ristic
SYN cookies
iptables tutorial
Tarpitting
LaBrea - implements tarpitting
mod_evasive
configuration options for mod_evasive (the article uses the old name of the mod)

Edit: After reading Cheese's post again I see I'm not actually disagreeing with anything he said.




Edited by on 25-07-07 00:27