12-07-2007, 09:45 AM
Gavin Westwood

UDP flood DDoS attack with spoofed IP addresses

On 07/12/2007 09:52, Thomas Goirand wrote:
> Has any of you had to deal with this type of attack? What is the way to
> get the real IPs and finally find out where is the botnet and destroy it?

Hi Thomas.

While I haven't had any experience with dealing with this, I don't
think you can find out the offending IP directly. I think you'd need
to speak to your upstream ISP and they should be able to identify
the router that the packets are coming to their router from, then they
or you will need to talk to the ISP whose router that is, and trace
back from there, until you find the ISP whose router received the
request(s) from within their network. Being a Botnet, you'd probably
have to do this for many different source ISPs.

Probably the easiest way to handle this for now is to prevent the flood
reaching your server by asking your ISP to block traffic on their main
router for the specific UDP ports that you are being attacked on where
packets are destined for your IP address(es).

Gavin

--
Gavin Westwood
Solutium

http://www.solutium.net - Going the extra mile to provide a fast,
helpful, reliable Web Hosting service.
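
An added example, not part of the thread or written by either poster: one way to work out which destination IP and UDP port pairs to name when asking the upstream ISP for the block described in the post above. It assumes the capture is text in `tcpdump -n` format; the sample lines, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -n` text format; addresses are from the
# RFC 5737 documentation ranges, 203.0.113.10 stands in for the attacked server.
SAMPLE = """\
09:45:01.000101 IP 198.51.100.7.40312 > 203.0.113.10.27015: UDP, length 1024
09:45:01.000140 IP 192.0.2.55.1189 > 203.0.113.10.27015: UDP, length 1024
09:45:01.000187 IP 198.51.100.201.5120 > 203.0.113.10.27015: UDP, length 1024
09:45:01.000230 IP 192.0.2.9.33001 > 203.0.113.10.27015: UDP, length 1024
09:45:01.000266 IP 198.51.100.88.2048 > 203.0.113.10.27015: UDP, length 1024
09:45:01.000301 IP 192.0.2.140.61000 > 203.0.113.10.27016: UDP, length 512
09:45:01.000345 IP 198.51.100.3.7001 > 203.0.113.10.27016: UDP, length 512
09:45:01.000390 IP 192.0.2.77.7002 > 203.0.113.10.27016: UDP, length 512
09:45:01.000412 IP 192.0.2.30.123 > 203.0.113.10.123: UDP, length 48
09:45:01.000450 IP 203.0.113.10.27015 > 192.0.2.30.40000: UDP, length 64
09:45:01.000470 IP 192.0.2.30.51000 > 203.0.113.10.22: Flags [S], seq 1, win 64240, length 0
"""

LINE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): UDP, length (\d+)")

def summarize(capture, my_ips, min_packets=3):
    """Return (dst_ip, dst_port, packets, bytes, distinct_sources), busiest first."""
    stats = defaultdict(lambda: [0, 0, set()])
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m or m.group(3) not in my_ips:
            continue  # not UDP, or not addressed to one of our IPs
        entry = stats[(m.group(3), int(m.group(4)))]
        entry[0] += 1                   # packets
        entry[1] += int(m.group(5))     # payload bytes
        entry[2].add(m.group(1))        # claimed (possibly spoofed) source IP
    rows = [(ip, port, e[0], e[1], len(e[2]))
            for (ip, port), e in stats.items() if e[0] >= min_packets]
    return sorted(rows, key=lambda r: r[2], reverse=True)

def filter_request(rows):
    """One line per (IP, port) pair to hand to the upstream ISP."""
    return [f"drop udp to {ip} port {port} ({pk} pkts, {by} bytes, {src} sources)"
            for ip, port, pk, by, src in rows]

if __name__ == "__main__":
    print("\n".join(filter_request(summarize(SAMPLE, {"203.0.113.10"}))))
```

A distinct-source count close to the packet count is what spoofed sources look like in a capture, which is why the request is keyed on destination IP and port rather than on source addresses.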
 
12-07-2007, 11:01 AM
Roberto C. Sánchez

UDP flood DDoS attack with spoofed IP addresses

On Fri, Dec 07, 2007 at 05:52:47PM +0800, Thomas Goirand wrote:
> Hi,
>
> Has any of you had to deal with this type of attack? What is the way to
> get the real IPs and finally find out where is the botnet and destroy it?
>
Getting the source IPs can be tricky. If you have a good relationship
with your upstream ISP, they can probably help out. Destroying the
botnet is probably best left to law enforcement.

Regards,

-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
 
