Question about DDoS attacks.

When a server gets hit by one of these attacks they always seem to be down for days. Why can't the server just block the IP addresses sending all the packets?
 
Big DoS attacks are sent from thousands of computers. You'd need to get the server up for long enough to add those IPs to the block list.

Even then, if someone is determined to take down your server they'll just use a whole new set of zombied computers.
 
Can't you have a system where the amount of packets being received or processed is limited all the time so there can never be enough to stop the server?
 
Any system you put in place to limit or block IP addresses will still have to use CPU cycles and bandwidth to a) determine that a packet has arrived and b) figure out where it came from. If your server is on a 10Mbit line, and I'm sending you 1 million 100-byte packets per second (that's 100MB/s), most of the bandwidth is going to be used carrying these packets, which doesn't give anything else much of a chance to get through.

So, a well DDoS attack will make you (a) run out of bandwidth, preventing legitimate requests from getting to you, and (b) make you run out of processing power, which stops legitimate requests from being processed properly.
 
Energize said:
When a server gets hit by one of these attacks they always seem to be down for days. Why can't the server just block the IP addresses sending all the packets?

Because the source address of the packets is often spoofed. What you need is a firewall to analyse the packets, decide which are DDoS and which are legitimate traffic and block accordingly. Of course you still have to deal with upstream link saturation and/or your ISP cutting you off :p.

Can't you have a system where the amount of packets being received or processed is limited all the time so there can never be enough to stop the server?

No, because under a DDoS you would be blocking your legitimate traffic too.
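
Added example, not part of the thread: a simplified Python model of one second of the traffic discussed above (1 million 100-byte packets per second against a 10 Mbit line), comparing an always-on global packet cap with a per-source cap. The 5,000 attacking sources, the 50 legitimate clients and the 250 packets/s per-source cap are assumptions, and the traffic sample is constructed.

```python
import random
from collections import Counter

# Constructed sample figures; only the 10 Mbit line, the 100-byte packets and
# the 1,000,000 packets/s flood come from the thread. The rest are assumptions.
PKT_BYTES = 100
LINK_PPS = 10_000_000 // (PKT_BYTES * 8)   # 10 Mbit line carries 12,500 pkt/s
BOTS, BOT_PPS = 5000, 200                  # 5,000 sources x 200 = 1,000,000 pkt/s
CLIENTS, CLIENT_PPS = 50, 10               # 500 legitimate pkt/s
PER_SOURCE_CAP = 250                       # packets/s allowed per source address

def one_second(seed=1):
    """Source ids in arrival order; ids >= BOTS are legitimate clients."""
    pkts = [b for b in range(BOTS) for _ in range(BOT_PPS)]
    pkts += [BOTS + c for c in range(CLIENTS) for _ in range(CLIENT_PPS)]
    random.Random(seed).shuffle(pkts)      # interleave flood and real traffic
    return pkts

def global_limit(pkts, limit_pps):
    """Simplified cap: admit the first limit_pps packets, whoever sent them."""
    return pkts[:limit_pps]

def per_source_limit(pkts, cap):
    """Admit at most `cap` packets from each source id."""
    seen, admitted = Counter(), []
    for src in pkts:
        seen[src] += 1
        if seen[src] <= cap:
            admitted.append(src)
    return admitted

def legit(pkts):
    """Count packets that came from legitimate clients."""
    return sum(1 for src in pkts if src >= BOTS)

def summarize(seed=1):
    pkts = one_second(seed)
    capped = global_limit(pkts, LINK_PPS)
    per_src = per_source_limit(pkts, PER_SOURCE_CAP)
    return {
        "offered": len(pkts),
        "legit_offered": legit(pkts),
        "global_admitted": len(capped),
        "global_legit": legit(capped),     # legitimate packets that got through
        "per_source_attack": len(per_src) - legit(per_src),  # flood admitted
    }

if __name__ == "__main__":
    for name, value in summarize().items():
        print(f"{name:18} {value}")
```

In this model the global cap passes about 1.25% of everything that arrives, legitimate packets included, while the per-source cap admits the whole flood because no single source exceeds it.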
 
Out of interest, what's the least amount of people it would take to carry out a consistently effective DDoS attack?
 