DNS BLACKHOLE
-
DAMN IT!
-
It's really such a basic concept, I fail to see why users think that a firewall can help against a DDoS based upon a traffic flood..
You have the internet (HUGE amounts of bandwidth) --- ISP --- 100 Mbps --- You
What happens when 4 lanes of traffic on the highway go down to 1 lane... So the internet/ISP is an 8-lane super highway... And there is a single-lane dirt road down to your location.
If 4 lanes of cars all try and go down your dirt road.. That road is full now, isn't it? It does not matter if there is a ditch just before your house that they fall into.. The road is still full and the cars that you want to get into your house have to wait through all that traffic, or maybe get dropped at the ISP, since the ISP can only send so much traffic down the road; when it's full no new cars can go down it... So traffic has to get dropped at their end... They can not just queue it all up and send it down later..
There is nothing you can do at your end with this sort of attack.. The ISP has to control what traffic can go down your dirt road..
Now if it's only, say, 10 Mbps of bad traffic, then sure you can just drop it at your firewall and not do anything with it, don't send it on to your server behind, etc.. This is by default what pfSense does with traffic that does not match rules to be forwarded or allowed in: it just drops it (blackhole).. So sure, if this bad traffic is not filling up your pipe, you can live with some noise/bad traffic taking up part of your bandwidth and still be fine... But when they exceed the amount of traffic your pipe can handle it does not matter what you do at your end with that traffic.. The good traffic just can not get to you, in the amount that they need to function correctly with the services you're providing..
-
So there aren't any solutions, hmm…. Well see, I have MC, TS, and a web server; if they decide to DDoS at port 2555,80 they will come through my pfSense to the server box, which will overload the network card, or not? Well I guess that's it.
-
If someone is sending more data at you than you can handle, you will get packet loss. The more data they send, the more packet loss you get. You have to block the excess data before it gets to you. If it's a DDoS, then your ISP can blackhole you. In other words, they will disconnect you from the Internet.
-
It's useless if I get disconnected; I have pfSense, which protects my other servers from being hit by DDoS..
-
http://blogs.verisign.com/blog/entry/ddos_blog_series_1_4?cmp=blog
This explains it very well. But beware: it's an advertisement for Verisign's cloud DDoS mitigation.
-
"if they decide to ddos at port 2555,80"
Well yeah.. But what does it matter if they are sending 300 Mbps down your 100 Mbps pipe… I thought I explained it quite well.. Your road is FULL!!!
If they were sending 10 or 30 or even maybe 50 or 75, you could do something to ride out the storm by not forwarding that traffic through to your servers.. But it's useless if it's a load or volume based attack where they just overwhelm the capacity of your network connection..
In this sort of attack, the traffic has to be prevented from going down your connection... As again I thought I clearly stated: change your IP, get your ISP to prevent the traffic!! Or use a DDoS cloud service like in the blog heper linked to..
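To make the "road is full" argument concrete, here is a small added simulation; it is not part of the thread and not pfSense code. It assumes a 100 Mbps access link, 20 Mbps of legitimate traffic, a flood that the ISP cannot distinguish from good traffic, and a local firewall that drops every attack packet it sees (pfSense's default deny). The slot count and the 20 Mbps figure are arbitrary assumptions for illustration.

```python
import random

LINK_MBPS = 100   # assumed access-link capacity: the "single-lane dirt road"
SLOTS = 1000      # time slots simulated; one "packet" per Mbps unit per slot


def simulate(good_mbps, attack_mbps, upstream_filter=False, seed=7):
    """Model one access link under a volumetric flood.

    Returns (good_delivered, link_share_wasted):
      good_delivered     fraction of legitimate packets that reach the server
      link_share_wasted  fraction of link capacity consumed by attack packets

    Each slot the ISP has good_mbps + attack_mbps packets for a link that
    carries at most LINK_MBPS. The ISP cannot tell good from bad, so when the
    link is full it keeps a random LINK_MBPS-sized subset and drops the rest
    (tail drop). Whatever crosses the link reaches the local firewall, which
    drops every attack packet and forwards the good ones. With
    upstream_filter=True the attack packets are removed before the link
    instead (ISP filtering / cloud scrubbing), which is the only case where
    the firewall at your end is not the wrong place to fight the flood.
    """
    rng = random.Random(seed)
    good_in = attack_in = 0
    for _ in range(SLOTS):
        offered = ["good"] * good_mbps
        if not upstream_filter:
            offered += ["bad"] * attack_mbps
        if len(offered) > LINK_MBPS:
            # The road is full: the ISP drops blindly, good and bad alike.
            offered = rng.sample(offered, LINK_MBPS)
        # Local firewall: "bad" is dropped here, "good" is forwarded. Dropping
        # it does not give back the link capacity it already consumed.
        good_in += offered.count("good")
        attack_in += offered.count("bad")
    return good_in / (good_mbps * SLOTS), attack_in / (LINK_MBPS * SLOTS)


if __name__ == "__main__":
    cases = [
        ("10 Mbps flood, dropped at local firewall", (20, 10)),
        ("300 Mbps flood, dropped at local firewall", (20, 300)),
        ("300 Mbps flood, dropped at the ISP", (20, 300, True)),
    ]
    for label, args in cases:
        good, wasted = simulate(*args)
        print(f"{label:42s} good delivered {good:6.1%}  link wasted {wasted:6.1%}")
```

With the 10 Mbps flood every legitimate packet still arrives and the firewall's drop is all that is needed. With the 300 Mbps flood the firewall still drops every attack packet, yet only about 31% of legitimate traffic gets through, because the ISP already threw away two thirds of it upstream; the only run that restores 100% delivery is the one where the flood is removed before the link.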
-
Thanks, sorry for that ;/
Well I have a strange issue: when using speed tests or anything else, I get 100 Mb/s, what I pay for, but sometimes when I download files from torrent websites I manage to get 200 Mb/s (300 Mb/s rarely), so might it help against DDoS, or dfq is this? Kinda network SpeedStep (like an Intel CPU)? :D
-
If you're on a 100 Mbps connection, how would you get 200 Mbps from torrents? What connection do you pay for?? And what is the actual physical interface connection, is it gig or 100?
-
I pay for 100 Mb/s Optimal Fiber from TEO. My PC is gig, the router (Wi-Fi) is 300 Mb/s with 5 ports, I think.
-
Your Wi-Fi is 300 Mb/s, so N300; that is PHY… your actual possible bandwidth with 1 client and perfect connectivity would be maybe 150.. But then again many of those N300 Wi-Fi routers don't even have gig interfaces, so you're talking at most maybe upper 90's since you're on a 100 Mb Ethernet port.
So you have a 100 Mb connection to the internet -- how do you think you could get 200 Mbps with a torrent?
Not sure what your Wi-Fi has to do with a DDoS against you? Your servers are not connected via Wi-Fi, are they?
-
Here's the proof:
Made recently. Okay, here's one more photo.
-
Proof of what?? That you're downloading illegal software? And that your data is reporting wrong… What does your WAN interface say for its traffic flow?
-
It's a shitty router from the ISP, it can't show realtime usage.
Even Windows is reporting 200 Mb/s+…
So how is it possible? I'm getting some turbo boost speeds, but in other tests I'm getting what I pay for. What is that?