Question about ddos attacks.

Energize · 12 Apr 2007 at 03:03

When a server gets hit by one of these attacks they always seem to be down for days, why can't the server just block the ip addresses sending all the packets?

Craig321 · 12 Apr 2007 at 03:15

Big DoS attacks are sent from thousands of computers. You'd need to get the server up for long enough to add those IPs to the block list.

Even then, if someone is determined to take down your server they'll just use a whole new set of zombied computers.

Energize · 12 Apr 2007 at 03:27

Can't you have a system where the amount of packets being recieved or processed are limited all the time so there can never be enough to stop the server?

growse · 12 Apr 2007 at 09:39

Any system you put in place to limit or block ip address will still have to use CPU cycles and bandwidth to a) determine that a packet has arrived and b) figure out where it came from. If your server is on a 10Mbit line, and I'm sending you 1 million, 100-byte packets per second (that's 100MB/s), most of the bandwidth is going to be used carrying these packets, which doesn't give anything else much of a chance to get through.

So, a well Ddos attack will make you (a) run out of bandwidth preventing legitimate requests from getting to you, and (b) make you run out of processing power which stops legitimate requests from being processed properly.

Adz · 12 Apr 2007 at 11:55

Energize said:
When a server gets hit by one of these attacks they always seem to be down for days, why can't the server just block the ip addresses sending all the packets?

Because the source address of the packets is often spoofed. What you need is a firewall to analyse the packets, decide which are DDoS and which are legitimate traffic and block accordingly. Of course you still have to deal with upstream link saturation and/or your ISP cutting you off

.

Can't you have a system where the amount of packets being recieved or processed are limited all the time so there can never be enough to stop the server?

No, because under a DDoS you would be blocking your legitimate traffic too.

Lysander · 21 Apr 2009 at 13:46

Out of interest, what's the least amount of people it would take to carry out a consistently effective DDoS attack?

growse · 21 Apr 2009 at 14:50

Lysander said:
Out of interest, what's the least amount of people it would take to carry out a consistently effective DDoS attack?

Depends entirely on your target.

Burnsy2023 · 21 Apr 2009 at 14:57

growse said:
Depends entirely on your target.

There are loads of variables. The server spec, the application that is listening for the packets, the network infrastructure to name a few.

Lysander · 21 Apr 2009 at 15:00

OK, for instance a small forum or a Britney fansite. No, I'm not thinking of doing this.

Burnsy2023 · 21 Apr 2009 at 15:05

Lysander said:
OK, for instance a small forum or a Britney fansite. No, I'm not thinking of doing this.

Burnsy2023 said:
There are loads of variables. The server spec, the application that is listening for the packets, the network infrastructure to name a few.

Too difficult to say.

Energize · 21 Apr 2009 at 15:07

Wow I must say I was surprised to see this at the top of my thread subscriptions again!

Question about ddos attacks.

More options

Energize

Energize

Craig321

Craig321

Energize

Energize

growse

growse

Adz

Adz

Lysander

Lysander

Capodecina

growse

growse

Burnsy2023

Burnsy2023

Lysander

Lysander

Capodecina

Burnsy2023

Burnsy2023

Energize

Energize