Block DNS & NTP Amplification
Hi guys. Do you know any simple way to block these attacks with a 1 Gbps server?
Is it possible with iptables to limit DNS or NTP requests per minute?
The server is not hosting a DNS server, so I think it's possible if I upgrade it to 10 Gbps maybe. Does anyone have knowledge about it?
Comments
You need a DDoS-protected uplink, otherwise it will simply saturate your connection. You can't mitigate that on your side solely with iptables or another firewall solution.
Then it's not affected by DNS amplification.
No configuration or firewall needed.
If the attack is bigger than 1 Gbits (in fact, it's an amp attack, so it will be bigger than 1 Gbit), you must search for a provider who blocks this traffic for you before it reaches your server.
If the attack is smaller, you can try to minimize the impact with iptables, but mostly it doesn't help much.
Do you have problems with incoming or outgoing attacks?
It is strange to mitigate an OUTGOING attack by increasing port speed.
Yeah, but the post from yoursunny confused me.
But it consumes all the bandwidth that the server has. It uses 1 Gbps incoming traffic and loses connection.
Generally UDP with incoming, sometimes TCP attacks, and both use outgoing/ingoing traffic. I'm also searching for some DDoS protection solution like BuyVM + Path IP address.
We offer protected vServers and remote DDoS protection via GRE.
The servers are located in Germany. We also give out a free test server, just contact us.
Check our Website out.
We also have a website with documentation on how we protect you from attacks
https://docs.packets-decreaser.net/
Not running DNS server means your server will not be used to attack others.
It's not possible to block incoming attacks.
You will unlock the IPv4 nullroute achievement.
Come to the forum and blame whoever you believe is attacking you.
The attack will generally stop in a day or two.
https://lowendtalk.com/discussion/comment/3751697#Comment_3751697
If you are running a website and the domain is eligible for Cloudflare, you can turn on Cloudflare orange cloud to stay online during an attack.
The origin address shall be IPv6, because most incoming attacks would be targeting your IPv4, and then your IPv4 gets nullrouted.
Cloudflare can still reach your origin over IPv6.
What about routing the dirty traffic to your IPv9 network?
Mitigate and send it back to me.
I tried this once and the penguins also stole the legitimate traffic and I got no packets at all back.
Actually I have a one liner that is very effective at handling this solely on the server side: