Questions tagged [ddos]

A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.

For information on what to do about a DDoS attack that is underway, see How can I stop a currently active DDoS attack?

619 questions
185 votes, 5 answers

I am under DDoS. What can I do?

This is a Canonical Question about DoS and DDoS mitigation. I found a massive traffic spike on a website that I host today; I am getting thousands of connections a second and I see I'm using all 100Mbps of my available bandwidth. Nobody can…
Falcon Momot
49 votes, 7 answers

How can I prevent a DDOS attack on Amazon EC2?

One of the servers I use is hosted on the Amazon EC2 cloud. Every few months we appear to have a DDOS attack on this server. This slows the server down incredibly. After around 30 minutes, and sometimes a reboot later, everything is back to…
cwd
23 votes, 9 answers

Server under DDOS attack - How to find out IPs?

My server is under DDOS attacks and I want to block the IP that is doing it, what logs should I be looking for to determine the attacker's IP?
Ben
20 votes, 5 answers

How is it possible for the Root Name Servers to handle all DNS requests?

I was reading about DNS some days ago and learned how the requests are processed. If you surf to www.example.com, then a request will go to the Root Name Servers to see who owns that .com address, then another request will go to another, more local,…
Rox
19 votes, 1 answer

What is an open DNS resolver, and how can I protect my server from being misused by hackers?

I don't have the strongest background in computer security, but yesterday one of my company servers was shut down by our host. It's a server assigned a public IP where I host several web-service applications including websites and APIs. I was told…
17 votes, 7 answers

How can I protect SSH?

I check /var/log/secure and I have these logs: Jul 9 13:02:56 localhost sshd[30624]: Invalid user admin from 223.196.172.1 port 37566 Jul 9 13:02:57 localhost sshd[30624]: Connection closed by invalid user admin 223.196.172.1 port 37566…
Ali
16 votes, 3 answers

Dealing with NTP reflection attacks in IPTables

We're dealing with an NTP reflection / amplification attack at our colocated servers. This question is specific to responding to NTP reflection attacks, and not directed at DDoS in general. Here's the traffic: It's churning a bit of CPU on our…
Jeff Atwood
16 votes, 9 answers

Public Facing Recursive DNS Servers - iptables rules

We run public-facing recursive DNS servers on Linux machines. We've been used for DNS amplification attacks. Are there any recommended iptables rules that would help mitigate these attacks? The obvious solution is just to limit outbound DNS packets…
David Schwartz
14 votes, 2 answers

Is it possible to have a secondary managed DNS provider to quickly delegate to when DDOS attack on our *primary* external DNS provider happens?

So our DNS provider, every so often, experiences DDOS attacks on their systems that causes our front-facing web sites to go down. What are some options in terms of reducing dependency on a SINGLE external managed DNS provider? My first thought was…
Emmel
14 votes, 8 answers

bind: blackhole for invalid recursive queries?

I have a name server that's publicly accessible since it is the authoritative name server for a couple of domains. Currently the server is flooded with faked type ANY requests for isc.org, ripe.net and similar (that's a known distributed DoS…
Udo G
13 votes, 6 answers

Tools for simulating DDoS attacks

I wanted to test my website if it can sustain strong DDoS's, but I don't know which tools I could use to simulate them in my website. What tools are used to simulate DDoS? I found bonesi but it was last updated 2 years ago.
Jürgen Paul
12 votes, 3 answers

DNS down in Anonymous attack

As I'm writing this our company website and the web-service we developed are down in the big GoDaddy outage resulting from an Anonymous attack (or so says Twitter). We used GoDaddy as our registrar and we use it for DNS for some domains. Tomorrow…
11 votes, 1 answer

Amplified reflected attack on DNS servers

The term Amplified reflected attack is new to me, and I have a few questions about it. I've heard it mostly happens with DNS servers - is that true? How do you protect against it? How do you know if your servers can be used in such an attack -- Is…
Mike Janson
11 votes, 6 answers

DDoS. Are we that helpless?

With recent DDoS incidents related to wikileaks, I can't help but feel that pretty much all sites online are very vulnerable to such attacks. Visa, MasterCard (to name a few) have shut down because of this. So my questions are: Is DDoS such a…
xjq233p_1
10 votes, 2 answers

Site has been under a massive DDOS attack for 5 weeks now

One of my sites has been getting attacked for over 5 weeks. I'm currently employing serverorigin.com proxy services to fight it, since doing it on the server proved to be futile. They tell me that the attack spikes at 400k packets per second... and…
user11350