
DDOS: Size, types, timing

Blackheart OT

Hello fellow developers,

I am currently designing the layer architecture for my OT project. Conscientious of how common DDOS attacks are in our community, I am taking a multi-layer approach to defending from DDOS. It would help me a lot to have some sort of feeling for the size, types, and exposure time of the common DDOS attacks being used on OT servers. Some of the questions I have are:

Average GB/s size?

Are they infrastructure attacks (DNS, network, etc...) or application attacks (SYN flood, NTP amplification, HTTP attacks like Slowloris, GET flood, etc...)?

Are the typical attacks prolonged or hit and run? How long is the average period of attack?

Additionally, any advice or experience from those of you that have fended off attacks would be appreciated.

-Mike
 
Normally just kids playing with HOIC and LOIC kind of programs. If someone actually does a proper DDOS attack on your server you must have pissed the wrong people.
There are multiple programs that can protect you from that kind of stuff easily, no need to go around and go crazy on "defenses".


If I'm wrong, enlighten me.
 
Normally just kids playing with HOIC and LOIC kind of programs. If someone actually does a proper DDOS attack on your server you must have pissed the wrong people.
There are multiple programs that can protect you from that kind of stuff easily, no need to go around and go crazy on "defenses".

Correct me if I'm wrong, but HOIC hits only HTTP traffic, and can be stopped by the OWASP Apache mod_security tool (implemented), and LOIC hits TCP and UDP. I added firewall rules that impose a limit on packets per IP per interval (when packets/min goes above 1000, it throttles it down to 200/min until the rate drops below). I am concerned here that the firewall sits on the same machine as the server. Additionally, a load balancer sits in front of the server machine dropping all SYN and UDP traffic.

Is the above satisfactory, or am I missing something?
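
The per-IP policy described in the post above, modelled as an added example that is not part of the original thread and is not the poster's firewall configuration. The fixed one-minute windows, the release rule (a source is released after one full minute at or under the trip rate), and the addresses and traffic are assumptions constructed for illustration.

```python
TRIP_PER_MIN = 1000      # trip threshold quoted in the post
THROTTLED_PER_MIN = 200  # throttled rate quoted in the post
WINDOW_S = 60            # assumption: fixed one-minute counting windows

class PerSourceThrottle:
    """Model of the per-IP policy; the release rule is an assumption."""
    def __init__(self):
        self.src = {}  # ip -> counters for that source's current window

    def allow(self, ip, ts):
        win = int(ts // WINDOW_S)
        s = self.src.setdefault(
            ip, {"win": win, "offered": 0, "accepted": 0, "throttled": False})
        if win != s["win"]:
            # Window rolled over: release only if the last minute was quiet enough.
            if win > s["win"] + 1 or s["offered"] <= TRIP_PER_MIN:
                s["throttled"] = False
            s.update(win=win, offered=0, accepted=0)
        s["offered"] += 1
        if s["offered"] > TRIP_PER_MIN:
            s["throttled"] = True
        limit = THROTTLED_PER_MIN if s["throttled"] else TRIP_PER_MIN
        if s["accepted"] < limit:
            s["accepted"] += 1
            return True
        return False

def burst(ip, minute, per_min):
    """Constructed traffic: per_min evenly spaced packets from ip in one minute."""
    return [(minute * WINDOW_S + i * WINDOW_S / per_min, ip) for i in range(per_min)]

def replay(events, minutes):
    """Return {ip: [accepted packets in minute 0, 1, ...]}."""
    fw, accepted = PerSourceThrottle(), {}
    for ts, ip in sorted(events):
        if fw.allow(ip, ts):
            accepted.setdefault(ip, [0] * minutes)[int(ts // WINDOW_S)] += 1
    return accepted

def constructed_traffic():
    player, noisy = "192.0.2.10", "198.51.100.7"  # documentation addresses, constructed
    events = []
    for m in range(5):
        events += burst(player, m, 300)                    # steady client
        events += burst(noisy, m, 3000 if m < 3 else 600)  # 3 loud minutes, then calmer
    return events

if __name__ == "__main__":
    for ip, per_minute in replay(constructed_traffic(), 5).items():
        print(ip, per_minute)
```

The model counts only packets that reach the firewall, so it says nothing about the link in front of it or about CPU spent filtering on the same machine as the server.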
 
I think that works. You just really need to limit the connections by IP in my opinion, most of these "DDOS" run those things from their machines. They do not have a "hive-mind" or something like that. If they do, you are pretty much screwed.
 
As long as the DoS is caused by server software processing too much data, a firewall can help, but if you are simply receiving more data than your bandwidth can handle you are f***** anyway.
 
Sounds fair enough. If you still encounter problems: http://dosarrest.com

I spoke to a representative and they only offer protection over HTTP and HTTPS - I feel secure enough on those ports. I've pushed my public DNS out to multiple Geo locations worldwide with all internal nodes and machines blocked by a network firewall. None of my machines have a public IP, and only valid traffic is allowed through the multiple DNS.

I'm worried about attacks on 7171-7172, which for technical reasons I could only route through one DNS. It does have the load balancer in front blocking the aforementioned attack types, and iptable rate-limiting policy. The load balancer can auto scale horizontally to absorb some attacks.
 
I spoke to a representative and they only offer protection over HTTP and HTTPS - I feel secure enough on those ports. I've pushed my public DNS out to multiple Geo locations worldwide with all internal nodes and machines blocked by a network firewall. None of my machines have a public IP, and only valid traffic is allowed through the multiple DNS. I'm worried about any attacks on 7171-7172, which for technical reasons I could only route through one DNS.
Hmm, what about Incapsula protection then?
http://www.incapsula.com/ddos-protection-services.html
They are among the best rated DDOS PROTECTION SERVICES and offer DDOS protection even for TCP and UDP ports, which are the ones you are talking about?! Correct me if I'm wrong :)
Another option would be https://www.staminus.net/under-attack
In their "under attack" page they also have "online based game" in their categories, meaning they are also used to dealing with these kinda attacks :p
 
I still don't understand why you are so worried about DDOS.

Because it's my job to build a reliable system. I'm also worried about making sure all my scripts are optimized and the original content is engaging, I just don't post about that :p
 