Posts: 47
Threads: 6
Joined: Aug 2010
Slowloris / GET flood (HTTP flood) = Site level (needs a response from the HTTPD)
SYN flood = Server level (needs server to accept SYN and send a SYN-ACK)
UDP / Ping flood = Router level (connectionless; spams router without need for a reply from server).
Am I close?
And all of them would be router level with a big enough botnet?
Posts: 1,778
Threads: 163
Joined: Jun 2007
Reputation: 218
08-25-2010, 11:16 PM
(This post was last modified: 09-14-2010, 02:37 PM by Omniscient.)
Slowloris is more complicated than simple GET commands. It opens the HTTP connection but doesn't ever close it. What you describe is a simple HTTPD flood, which is mostly easily blocked.
SYN floods are normally easy to stop too if you have a capable sysadmin. 99% of attacks I have seen had a pattern that was recognizable enough for me to block them at server level.
UDP/Ping are funny since these are services you can normally just turn off or reroute. You can just do DNS mirrors or round-robin DNS to avoid large botnet attacks. DNS service can easily be moved to a host offering good DDoS protection at a fairly reasonable price too.
Ping flood is just a complete waste of everyone's time.
Everything can be stopped at router level but the risk of false positives grows. Best to use all 3 protection layers appropriately.
I am here to rescue you.
This is Support Forums not Support PMs. Do not PM me for support unless it's private and site related.
Posts: 47
Threads: 6
Joined: Aug 2010
(08-25-2010, 11:16 PM)Omniscient Wrote: Slowloris is more complicated than simple GET commands. It opens the HTTP connection but doesn't ever close it. What you describe is a simple HTTPD flood, which is mostly easily blocked.
SYN floods are normally easy to stop too if you have a capable sysadmin. 99% of attacks I have seen had a pattern that was recognizable enough for me to block them at server level.
UDP/Ping are funny since these are services you can normally just turn off or reroute. You can just do DNS mirrors or round-robin DNS to avoid large botnet attacks. DNS service can easily be moved to a host offering good DDoS protection at a fairly reasonable price too.
Ping flood is just a complete waste of everyone's time.
Everything can be stopped at router level but the risk of false positives grows. Best to use all 3 protection layers appropriately.
Yeah, a few datacenters have Ciscos and other HWFW routers. You have to pay loads, but I did once and it was worth having the access ^^.
My site mainly gets hit by GET floods on heavier pages (and the occasional Slowloris). HTTP flood I just block with a PHP script that adds "spamming" IPs to the htaccess block list. Slowloris I haven't figured out yet, but instead of spamming it is holding connections, and I can't find a rule to detect it. Surprised Apache hasn't done something about it yet.
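The difference discussed above between a GET flood and Slowloris, as an added example that is not part of any post in this thread: a request-rate rule counts finished requests, while a held-open connection never finishes one, so the check has to look at connections whose headers are still incomplete after a timeout. The `Conn` record, the thresholds and the sample data are hypothetical, constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed thresholds, to be tuned per site.
HEADER_TIMEOUT = 20.0   # seconds a client gets to finish its request headers
MIN_RATE = 50.0         # bytes/second expected from a client still sending
MAX_SLOW_PER_IP = 3     # stalled connections tolerated from one address

@dataclass
class Conn:             # hypothetical record, one per open connection
    ip: str
    opened: float       # time the connection was accepted (seconds)
    header_bytes: int   # request header bytes received so far
    headers_done: bool  # True once the blank line ending the headers arrived

def is_slow(c: Conn, now: float) -> bool:
    """Headers still incomplete after the timeout, and arriving too slowly."""
    age = now - c.opened
    return (not c.headers_done) and age >= HEADER_TIMEOUT \
        and c.header_bytes / age < MIN_RATE

def completed_requests(conns) -> Counter:
    """What a request-rate (GET flood) rule counts: finished requests per IP."""
    return Counter(c.ip for c in conns if c.headers_done)

def slow_clients(conns, now: float) -> dict:
    """IPs holding MAX_SLOW_PER_IP or more stalled connections."""
    stalled = Counter(c.ip for c in conns if is_slow(c, now))
    return {ip: n for ip, n in stalled.items() if n >= MAX_SLOW_PER_IP}

# Constructed sample (documentation address ranges), snapshot at t = 100 s.
SAMPLE = (
    [Conn("203.0.113.7", 10.0 + i, 120 + i, False) for i in range(4)]  # held open
    + [Conn("198.51.100.20", 99.0, 300, True),   # normal request
       Conn("198.51.100.20", 60.0, 280, True),   # idle keep-alive
       Conn("192.0.2.5", 30.0, 200, False),      # one slow client: not flagged
       Conn("192.0.2.9", 90.0, 40, False)]       # still inside the timeout
)

if __name__ == "__main__":
    print("completed requests:", dict(completed_requests(SAMPLE)))
    print("flagged:", slow_clients(SAMPLE, now=100.0))
```

The per-IP threshold keeps a single slow client from being flagged, which is where the false-positive risk mentioned in the thread shows up when the limits are set too tight.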
Posts: 22
Threads: 6
Joined: Apr 2010
Reputation: 1
08-28-2010, 11:45 PM
(This post was last modified: 08-28-2010, 11:45 PM by Dragon Hawk.)
Thanks for this info, but I really wanted to know more about this.
Posts: 109
Threads: 6
Joined: Jun 2010
Is there any way to prevent DDoS attacks from say, XBL? (People trying to host boot)
Posts: 124
Threads: 9
Joined: Sep 2010
Reputation: 6
09-03-2010, 07:46 AM
(This post was last modified: 09-03-2010, 07:46 AM by !!* Alone Vampire *!!.)
Thanks for the information, my knowledge is enriched.
Posts: 124
Threads: 9
Joined: Sep 2010
Reputation: 6
Can you please tell me if there is any anti-DDoSer code?
Posts: 3,538
Threads: 348
Joined: Mar 2010
Reputation: 57
This is very helpful information. I'm not very knowledgeable when it comes to DDoS attacks and I've always wondered, why is it that some websites are harder to DDoS than others? Government websites, for example. Is it just that they know how to deal with them better and quicker than most people?
Sorry if it sounds like a dumb question...
Posts: 111
Threads: 14
Joined: Jul 2010
Reputation: 5
This is greatly broken down, actually. I always figured it wouldn't be as simply said as Omni has shown.
I use round robin for my servers; although I don't receive attacks like Omni does, it does just fine.