| Linode Forum https://forum.linode.com/ |
|
| DNS DDoS Attack - Resolved https://forum.linode.com/viewtopic.php?f=19&t=8975 |
Page 2 of 2 |
| Author: | obs [ Tue Jun 12, 2012 4:39 pm ] |
| Post subject: | Re: DNS DDoS Attack |
I ignore them, happens to me all the time some box or group of boxes for some reason decide to try and poke holes in one or more of my servers, in the past year I'd say only one has actually had any effect and that was on a pretty loaded server so I just dropped anything that looked suspicious, they stopped after a few days. What's really sad is lately I've noticed an increase in people trying to perform syn flood attacks which is very easy to mitigate. |
|
| Author: | Guspaz [ Tue Jun 12, 2012 7:51 pm ] |
| Post subject: | Re: DNS DDoS Attack |
Well, the definition of mitigating an attack is pretty much reducing the impact of the attack such that regular traffic can be served at a reasonable speed. Getting 1.5 Mbps of traffic on a 1000 Mbps pipe isn't going to impact regular traffic. You say that legitimate traffic would be "competing" with the attack, but you're talking about something that represents 0.15% of the total pipe coming into the box. How is competing with a measly 1.5Mbps different from competing with the inbound traffic of all the other linodes on the physical host? What if somebody else on the host is running a legitimate DNS server getting more than 1.5 Mbps of traffic? If you're under attack, and the attack is having zero impact on either your financials or ability/performance to serve traffic, I'd call that attack effectively mitigated. So, in response to your question, if somebody sent 1.5 Mbps of malicious DNS traffic to me and I didn't have anything listening on port 53, yes, I'd just ignore it. Attacks that have no impact are best ignored, because the attacker will eventually give up for lack of effect. But 1.5Mbps barely qualifies as an attack, it's barely more than a probe. |
|
| Author: | asp [ Tue Jun 12, 2012 8:59 pm ] |
| Post subject: | Re: DNS DDoS Attack |
obs wrote: I ignore them, happens to me all the time some box or group of boxes for some reason decide to try and poke holes in one or more of my servers, in the past year I'd say only one has actually had any effect and that was on a pretty loaded server so I just dropped anything that looked suspicious, they stopped after a few days. What's really sad is lately I've noticed an increase in people trying to perform syn flood attacks which is very easy to mitigate. Thanks obs |
|
| Author: | asp [ Tue Jun 12, 2012 9:24 pm ] |
| Post subject: | Re: DNS DDoS Attack - Resolved |
Just wanted to thank everyone that replied on this thread. I'm marking it as resolved it seems like the overall consensus is that this really wasn't a big deal at all, be it 7Mb/s or 1.5Mb/s. As you guys have described the overall load placed on the linode and the network pipe is insignificant and ultimately not worth worrying about in this situation. I'm am glad, however, linode thought it was a reasonable request to change my IP. That made the whole thing a moot point, but I'm grateful for the discussion and all of your ideas. Thanks again, Aaron |
|
| Author: | derfy [ Sat Mar 30, 2013 2:44 pm ] |
| Post subject: | Re: DNS DDoS Attack - Resolved |
...well I'd buy you a fur coat (but not a real fur coat, that's cruel) |
|
| Author: | zunzun [ Sat Mar 30, 2013 4:51 pm ] |
| Post subject: | Re: DNS DDoS Attack - Resolved |
derfy wrote: ...well I'd buy you a fur coat (but not a real fur coat, that's cruel) Eat the whales! Persons for the Excessive Tasting of Animals |
|
| Author: | glg [ Sun Mar 31, 2013 12:27 am ] |
| Post subject: | Re: DNS DDoS Attack - Resolved |
zunzun wrote: derfy wrote: ...well I'd buy you a fur coat (but not a real fur coat, that's cruel) Eat the whales! Persons for the Excessive Tasting of Animals I'd buy you a green dress (but not a real green dress, that's cruel) |
|
| Author: | Guspaz [ Mon Apr 01, 2013 10:25 am ] |
| Post subject: | Re: DNS DDoS Attack - Resolved |
I'd buy you furniture for your house (maybe a nice chesterfield or an ottoman) |
|
| Page 2 of 2 | All times are UTC-04:00 |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|