real-time DDoS help?

• Previous message (by thread): real-time DDoS help?
• Next message (by thread): real-time DDoS help?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Charles Sprickman wrote:

> Is there any place where people with experience dealing with DDoS attacks
> hang out?  I'm getting very little assistance from my upstream beyond
> "call whomever is in charge of each IP attacking and make them stop", and
> "even though we null route the destination IP being attacked, this traffic
> will be billed".

While I hate the "blame the victim" mentality in general, I'd guess that 
  up to half of all the packet floods we've experienced were aimed at 
compromised client boxes that were hosting illegitimate services. If 
your victim has no idea why they're being attacked, I'd scrutinize the 
target host very carefully.

Or if your victim is a shell host who's probably got some skript kiddie 
engaged in channel wars, it will likely save you a lot of time and grief 
to just dump that client. Is losing one worth sacrificing the rest?

Unless you know exactly why you're being attacked and are willing to 
suffer these consequences indefinitely, you will do yourself a big favor 
by looking at the victim to see why the attack is occurring and removing 
the target from your network.

• Previous message (by thread): real-time DDoS help?
• Next message (by thread): real-time DDoS help?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]