Mailinglist Archive: opensuse-security (232 mails)

< Previous Next >
Re: [suse-security] Under DDoS Attack
  • From: "Timothy Hall" <admin@xxxxxxxxxxxx>
  • Date: Fri, 28 Oct 2005 00:12:59 -0400
  • Message-id: <s3616d21.035@xxxxxxxxxxxxxxxxxxxxxx>
i have heard of organizations/providers doing that. i have even had
them DO IT. it depends on how many locations the DDoS bots are
attacking from, are they on a certain AS (look up autonomous system if
you don't know what an AS is, also has listings of
various ASs by country) or from domains/IP blocks that will not
excessively restrict access to the resource being hosted... this will
work with blocks of IPs under the control of a certain authority, but
again, it depends on how many places it is coming from. for example if
your site is in X language and the attacks are coming from ASs from
areas where Y language is generaly spoken, it may well be that your
upstream provider/organization can block the address blocks (or some of
them) and get rid of the load without seriously impacting the service
you offer anymore than it already has been.

there are also documented cases of universities and companies having
some success with such a method. does this mean it will work in EVERY
circumstance? no. sometimes the only way is to move services to another
IP and sometimes that isn't practical either.

>>> Allen <gorebofh@xxxxxxxxxxx> 10/27/05 23:14 PM >>>
On Thu, Oct 27, 2005 at 11:59:54PM +0200, b@rry wrote:
> >As I said - its a root server. Nothing in front but the pure
> Why not have a firewall in front of it? Root server or no, something
> can manage the connections to the box with relatively low connection

> timeouts?

Maybe just maybe, because a firewall isn't going to do a THING against a
DDOS attack? And for the other person who said call the ISP so they can
"set the router to block the packets"..... Lol, if it was hat easy
Microsoft and SCO wouldn't have been taken down.

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

< Previous Next >
List Navigation
Follow Ups