MyBB Community Forums

Full Version: DDoSer Threatens For Ransom
(2014-12-15, 04:29 AM)Rymax99 Wrote: [ -> ]Simply not the case. Layer 7 attacks don't require much bandwidth at all, take 'Slowloris' for an example.

Ah, good point. I wasn't really thinking of application layer attacks. I suppose that's a serious oversight considering that a Drupal website can be overloaded with a single client simply reloading the index page a few times per second.
Okay so, I've built an anti-DDoS code, similar to what CloudFlare does and we also moved to OVH.
Our server is working very fast now and no downtime.

However what bothers me is when OVH system is mitigating an attack, it shows only 1 IP is attacking.
Does that mean they are somehow detecting the attacker's source IP?
(2014-12-17, 04:13 PM)Jabberwock Wrote: [ -> ]However what bothers me is when OVH system is mitigating an attack, it shows only 1 IP is attacking.
Does that mean they are somehow detecting the attacker's source IP?

Or the perp is an idiot and is running a paid booter off a home connection. I've seen it happen.
(2014-12-17, 06:40 PM)Nebulon Ranger Wrote: [ -> ]
(2014-12-17, 04:13 PM)Jabberwock Wrote: [ -> ]However what bothers me is when OVH system is mitigating an attack, it shows only 1 IP is attacking.
Does that mean they are somehow detecting the attacker's source IP?

Or the perp is an idiot and is running a paid booter off a home connection. I've seen it happen.

I have seen it also lmao. If that's the case, just send a log of your server with the dos to sites like the fbi.gov, www.secretservice.gov, and http://www.ic3.gov/default.aspx
removed
It was too soon to celebrate. Layer 7 attacks are still effective against my website.
Even without him bypassing the anti-DDoS code I've written, he still can make the CPU busy.
Any suggestions?

He has a very large botnet, a few IPs he uses are:

But there are many many more.
(2014-12-18, 04:45 PM)ozgroundz Wrote: [ -> ]
(2014-12-18, 03:41 PM)Orianthi Wrote: [ -> ]
(2014-12-17, 06:40 PM)Nebulon Ranger Wrote: [ -> ]
(2014-12-17, 04:13 PM)Jabberwock Wrote: [ -> ]However what bothers me is when OVH system is mitigating an attack, it shows only 1 IP is attacking.
Does that mean they are somehow detecting the attacker's source IP?

Or the perp is an idiot and is running a paid booter off a home connection. I've seen it happen.

I have seen it also lmao. If that's the case, just send a log of your server with the dos to sites like the fbi.gov, www.secretservice.gov, and http://www.ic3.gov/default.aspx

Gonna give you a tip... it does nothing and if you tell the person who is attacking you "lol reported you to ic3.gov enjoy being raided haha" they will attack you harder and stronger and laugh at you even more. Trust me on this one.

That is why you don't tell them? That or ask the webhost to mitigate bots. Nowadays they have filters for high income traffic.

(2014-12-18, 08:09 PM)Jabberwock Wrote: [ -> ]It was too soon to celebrate. Layer 7 attacks are still effective against my website.
Even without him bypassing the anti-DDoS code I've written, he still can make the CPU busy.
Any suggestions?

He has a very large botnet, a few IPs he uses are:

But there are many many more.

Do you own the server? If so try the following:

Give your router a rate limit.
Add a filtration for IPs that he/she used.
Time out half-open connections.
Drop packages you don't use. This could be spoofed, or malformed packages.
Lastly, lower SYN, ICMP, and UDP flood threshold.

Otherwise check out some anti-DDoS protection services.

https://www.blacklotus.net/
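
A log-side counterpart to the rate-limit and per-IP filter suggestions above, as an added example that is not part of the original thread: it scans an access log for single clients and for paths that exceed a request budget within a sliding window. The Common Log Format input, the thresholds, the function names and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format prefix: ip ident user [timestamp] "METHOD path ..."
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def parse(line):
    """Return (ip, epoch_seconds, path), or None for a line that does not parse."""
    m = LINE.match(line)
    if not m:
        return None
    try:
        t = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    except ValueError:
        return None
    return m.group(1), t, m.group(3)

def find_floods(lines, window=10, per_ip_limit=20, per_path_limit=100):
    """Scan a chronological log; return (noisy_ips, hot_paths).
    noisy_ips: clients with more than per_ip_limit requests in `window` seconds.
    hot_paths: paths with more than per_path_limit requests from all clients
    combined, which catches a botnet whose members each stay under the IP limit.
    """
    by_ip, by_path = defaultdict(deque), defaultdict(deque)
    noisy_ips, hot_paths = set(), set()
    for rec in map(parse, lines):
        if rec is None:
            continue  # skip malformed lines instead of aborting the scan
        ip, t, path = rec
        for key, seen, limit, flagged in ((ip, by_ip, per_ip_limit, noisy_ips),
                                          (path, by_path, per_path_limit, hot_paths)):
            q = seen[key]
            q.append(t)
            while q[0] <= t - window:  # drop hits that fell out of the window
                q.popleft()
            if len(q) > limit:
                flagged.add(key)
    return noisy_ips, hot_paths

def sample_log():
    """Constructed sample: one fast client, 30 slow bots, one ordinary visitor."""
    fmt = '{} - - [18/Dec/2014:20:00:{:02d} +0000] "GET {} HTTP/1.1" 200 512'
    lines = ["not a log line"]
    for sec in range(8):
        lines += [fmt.format("192.0.2.10", sec, "/index.php")] * 5  # 5 req/s
        lines += [fmt.format(f"198.51.100.{b}", sec, "/search.php") for b in range(1, 31)]
        lines.append(fmt.format("203.0.113.7", sec, "/showthread.php"))
    return lines
```

On the constructed sample, the per-IP counter flags only the fast client, while the per-path counter flags the page the slow bots share even though no single bot crosses the per-IP limit.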
removed
Don't know where in the world people are, both Netherlands and UK have very good and very active Cybersecurity units within their law enforcement and intelligence community. From first hand experience they do take extortion cases very very seriously. And not only that, through Interpol they've got excellent cross border tracking activities. If you are in Europe I would most definitely get the police involved since extortion falls under serious and organised crime.
Don't lose to immature kids.
Just first use this to remove the avatar: http://community.mybb.com/thread-13483-p...l#pid89448

Then try and get a VPS to host the site instead.