Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

i installed new software that is supposed to stop ddos attacks


ghost's Avatar
0 0

i installed this software and i would like to put it to the test so gimme all the flooding u got 4.226.222.104

ps. if u decide to get in my system dont do any harm (i just formatted. i dont wanna do it again)


ghost's Avatar
0 0

well send a shit load my way 4.226.222.104


ghost's Avatar
0 0

exidous wrote: well send a shit load my way 4.226.222.104

Didn't you listen to Grind?

EDIT: This was meant to be posted before Grind's last post


Mr_Cheese's Avatar
0 1

you cant "stop" DDoS attacks, as grind said, but you can actually go ALONG way in making sure you system isnt effected greatly.

you can have a hardware firewall, software firewall both with strict IP Tables, theres also apache mods out there to aid in cutting out packets used in DDoS and also you can have an extremely fast server, or have multiple servers and share the load between them.

All those put together can make you virtually immune to DDoS attacks. 3/4 of the packets wont reach the server, then a further 1/4 of those will be filtered via apache mods and then the servers only got to deal with a very small amount of fraudulent requests.


richohealey's Avatar
Python Ninja
0 0

if you have a nice fast router, you can just start sending everything to /dev/null, that cuts down on it a LOT


ghost's Avatar
0 0

Not to start an argument but what Cheese lists I would say is used to reduce the affects of a (D)Dos. I'll quote a section from Apache Security by Ivan Ristic (please buy this awesome book)

At first glance, you may want to block the attacker's IP address on your firewall but that will not help. The purpose of this type of attack is to saturate the Internet connection. By the time a packet reaches your router (or server), it has done its job.

Be prepared and have contact details of your upstream provider (or server hosting company) handy. Larger companies have many levels of support and quickly reaching someone knowledgeable may be difficult. Research telephone numbers in advance. If you can, get to know your administrators before you need their help. Of course it makes it harder when they spoof the source of the IP packets. If this is the case then it's most likely a SYN flood and you can perhaps reduce the impact by enabling Linux's SYN cookies. To turn them on enter the followingmarkup# echo 1 > /proc/sys/net/ipv4/tcp_syncookiesIf you still want to read more about this I suggest you look up tarpitting. Tarpitting is something I have yet to try myself because I'm still slowly getting to grips with iptables.

As Cheese said, yes. There is an Apache mod to temporarily ban IPs that are hammering the server. This mod is called mod_evasive. It's no longer maintained and the latest version only works with Apache 2.0.x, not 2.2.x. However if you know C it's trivial to change this to work with Apache 2.2.x, I did this and I don't even know C. I have done just a single test of the mod and it didn't help much in terms of CPU, RAM and bandwidth usage, but it's very possible that I didn't do a fair or adequate test. I don't have the test details any more.

Apache Seucity by Ivan Ristic SYN cookies iptables tutorial Tarpitting LaBrea - implements tarpitting mod_evasive configuration options for mod_evasive (the article uses the old name of the mod)

Edit: After reading Cheese's post again I see I'm not actually disagreeing with anything he said.