This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

How To Block NTP-based DDoS attacks
#1
How To Block NTP-based DDoS attacks
Anyone Help ME Please....

How To Block NTP-based DDoS attacks?

I Already Block 123 Port 
But Someone attack From 3 days With Randomized port...


SadSadSadSadSadSadSadSadSadSadSadSadSadSad
Reply
Thanks given by:
#2
RE: How To Block NTP-based DDoS attacks
It will be hard to block such attacks on your side.

You can already block all ports beside 80 21 22.

Best solution is having your isp filtering traffic and a lot have such offers included.

You can use also cloudflare but you will need their premium service to protect http.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:
#3
RE: How To Block NTP-based DDoS attacks
I will give you two options:

1. You need to put a good firewall in place that has the intelligence to stop DDOS attacks. Watchguards are very good at this but you have to know how to program them to stop DDOS and it is very difficult for a novice. I personally use Watchguards and just stopped a DDOS attack two days ago and it was a huge one. It brought my firewalls down 6 times until I got the config right. I also found they were using the ZPanel Postfix server as a relay as well and had to close that off. Once I did, they gave up. The ISP didn't help me and won't help you as they don't have the time to solve a complex DDOS unless you are a huge customer. You are not going to be able to stop DDOS without a good piece of equipment in place that has the ability to stop them. I have heard Untangle which is a free firewall also has this ability but I have not been able to try it yet. I am sure it is not as good as a Watchguard though.

2. I am a security consultant and you can hire me to help you. This is just an option I put out there if you need help. I will be more than happy to answer questions on the forum at no charge but if you don't have time or need some paid help, I am available.

Please note that even if you get a firewall that can stop a DDOS, it takes a high level knowledge of firewall programming to stop them. I had to put a very complex custom config on my Watchguard to stop the attack and then put in a custom PostFix config that worked with the firewall. Once I did, they stopped.

Also keep in mind that it takes a high level of forensic knowledge on Linux if you are running ZPanel or Sentora as you need to backtrace what is happening to know how to stop it. The bottom line is that DDOS attacks are very hard to stop.

Scott
Reply
Thanks given by:
#4
RE: How To Block NTP-based DDoS attacks
This Is Possable? Block This Randomized NTP-based DDoS attacks With csf?
Reply
Thanks given by:
#5
RE: How To Block NTP-based DDoS attacks
(09-15-2014, 05:18 AM)MET4LG0D Wrote: This Is Possable? Block This Randomized NTP-based DDoS attacks With csf?

What is CSF?
Reply
Thanks given by:
#6
RE: How To Block NTP-based DDoS attacks
http://configserver.com/cp/csf.html
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:
#7
RE: How To Block NTP-based DDoS attacks
(09-15-2014, 10:06 AM)TGates Wrote: http://configserver.com/cp/csf.html

I personally have not seen an open source or software based firewall that can block DDOS. Many of the firewall vendors are able to sell their firewalls for thousands of dollars because they write proprietary logic into them that the open source packages don't have.

The only one that may do it is a firewall called "Untangle". It is a very powerful firewall that is commercial but free. The company sells advanced modules if you want them. The thing comes with everything you need to stop a DDOS attack and may do what you want. I have never tested it against a DDOS though.

They have a concept in it called the "bullpen" where bad IPs get blacklisted automatically but it doesn't seem to have the same logic or strength of a commercial firewall. Give it a try. It only takes a few minutes to load. 

I will note the same thing I tell everyone - If you are going to run a product like Sentora, you need to seriously consider investing in good firewalls. They are the difference between you being brought down and surviving. If I didn't have my Watchguards in place, my hosting company would not be running right now. A good firewall is worth every penny. 

Scott
Reply
Thanks given by:
#8
RE: How To Block NTP-based DDoS attacks
DDOS should be mitigated mostly at routers and upstream not at servers level as even if you keep dropping packets you will be receiving so much data that your upstream will be dead.

If you have a 100 MB/S uplink and you get a 1GB/s attack wich gets common with NTP amplification you will off so quickly even if you drop ALL the packets or the attack port is closed.

If you want DDOS use an ISP that have such protection.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:
#9
RE: How To Block NTP-based DDoS attacks
Since I see from your profile, that you're from India, this might not be an option, but OVH has probably one of the best DDOS protections in place for ALL their servers, including the cheap VPS offers. However they only have servers in Europe (mainly near Paris) and Canada. The ping to my OVH server in Europa from India (Chennai) is 134 ms.

I have had some DDOS attacks on my server (don't know what kind of though, since I didn't have to do anything) and those were automatically mitigated by their protection. I don't know if they'll recognize DDOS on randomized ports, but I believe you can get a question to that answer from their support.
Reply
Thanks given by:
#10
RE: How To Block NTP-based DDoS attacks
(09-15-2014, 08:21 PM)Me.B Wrote: DDOS should be mitigated mostly at routers and upstream not at servers level as even if you keep dropping packets you will be receiving so much data that your upstream will be dead.

If you have a 100 MB/S uplink and you get a 1GB/s attack wich gets common with NTP amplification you will off so quickly even if you drop ALL the packets or the attack port is closed.

If you want DDOS use an ISP that have such protection.

M B

For those of you who live in a fantasy world and have high level ISPs that will do this for you, that's great. For the rest of us in lower end colo's and with tier C ISP's who are small businesses who don't have million dollar budgets, this is not a practical solution. 

I called my colo and they did nothing. And that is the case for most everyone else who doesn't have tier A Verizon service. The reality in this world is that you have to solve your own problems because your ISP won't do it for you.

I don't care how big the attack is. They attacked me at 10GB/s and I still survived it and the firewall successfully blocked it. All the firewall has to do is immediately shut down and drop the packets to free up the circuit. Yes, you will run slower during the attack but nothing is going offline.

It is amazing that there is so much mis-information about DDOS attacks out there. THEY CAN BE STOPPED WITH THE RIGHT FIREWALLS. 
Reply
Thanks given by:


Forum Jump:


Users browsing this thread: 1 Guest(s)