Comments
Fastnetmon takes care of that for you and submits the RTBH for you. Pay someone with some network experience to set it up for your clients' sake.
The fact is you were lucky no one bothered poking at you for 3 years. Now they know your network is a joke, have no desire to fix it, and apparently no interest.
1) Ask your ISPs their communities, you could have easily set a community to sinkhole an IP.
2) Your ISP can help you block an IP if you're getting pummeled like you did.
3) Pay someone with network knowledge you trust to set up FastNetMon. This will avoid you having no idea what's going on with flowspec or netflow populating it. Beyond telling you network inbound and outbound, it can send RTBH communities upstream.
Yeah you 100% are. You spent time dicking around on L7 techniques and asking people what shapes they liked instead of any type of DDoS mitigation. You got lucky, got slapped once, and now are throwing in the towel.
K, enjoy OVH, you're a lost cause.
Would be useful if DDoS was originating from LAN.
The DDoS is coming from the inside!
I knew it, it's the old laptop
PS: - 8953:666 Blackhole IPv4 /32 or IPv6 /128 (from own networks only)
This wasn't hard to find. Now please, try to fix your shit.
Also, you should secure your network; seems someone is already in.
https://viz.greynoise.io/query?gnql=metadata.asn:"AS57403"
At least his website is on OVH now; oh wait that's dead too
abuseipdb also started too hmm
https://www.abuseipdb.com/check/188.241.241.3
https://www.abuseipdb.com/check/188.241.240.3
Does this mean an incorrectly configured network?
who knows, but he should
https://www.abuseipdb.com/check-block/188.241.240.0/24
sort by date most recent and see lol
I know abuseipdb is not so reliable, but it will tell something...
Mmm, yes...
Observed Threat: NTP Amplification REQ_MON_GETLIST Request Found
He does not have a problem, he has OVH + 2 x 10 Gbit
I hope he has RPF, DHCP Snooping and IP Source Guard enabled on his Ciscos…and ofc blocks RFC 1918 IP space. At least that's what I know from CCNA…or work with ACLs
I guess that's somewhat misleading. As I read it, it's a record from when he was attacked. The reporting site simply recorded the requesting IP, which in case of DNS amplification is spoofed to the actual victim's IP.
I am not sure that his virtual machines use DHCP and are not statically configured, however I doubt he doesn't implement BCP-38 - he would be abused by DDoSers to the dust otherwise :D
AbuseIPDB is known to have lots of useless reports - most reporters don't have any clue on why they should not report TCP SYN packets. However, AbuseIPDB states both UDP and TCP SYN reports are not allowed (point 10 of FAQ).
As I read: gazi is in chain of attack by DNS amplification. Smth -> gazi -> victim
No, hazi is a victim of amplification attempts. This is due to the nature of amplification attacks - the attacker pretends to be the victim, sends a UDP packet to an amplifier (DNS or NTP server), and the victim receives a large response.
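The distinction drawn in the comments above, as an added example that is not part of the thread or any poster's code: the same traffic looks different depending on where it is captured, and a report filed from the reflector's side names the spoofed victim address. The flow tuple layout, the `min_ratio` threshold and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

AMP_PORTS = {53, 123}  # DNS and NTP, the UDP services named in the thread

def classify(host, flows, min_ratio=5.0):
    """flows: (src, sport, dst, dport, nbytes) UDP records seen at host's edge.
    Returns (unsolicited_reply_bytes, {claimed_source: response/request ratio})."""
    asked = set()                # (local_port, server, service_port) host really queried
    replies = []                 # service replies that arrived at host
    req_in = defaultdict(int)    # request bytes arriving, per claimed source
    resp_out = defaultdict(int)  # response bytes leaving, per claimed source
    for src, sport, dst, dport, nbytes in flows:
        if src == host and dport in AMP_PORTS:      # host queries a server
            asked.add((sport, dst, dport))
        elif dst == host and sport in AMP_PORTS:    # a server answers host
            replies.append((dport, src, sport, nbytes))
        elif dst == host and dport in AMP_PORTS:    # host is the server: request in
            req_in[src] += nbytes
        elif src == host and sport in AMP_PORTS:    # host is the server: response out
            resp_out[dst] += nbytes
    # Replies to questions the host never asked are reflected attack traffic.
    unsolicited = sum(n for lport, srv, svc, n in replies
                      if (lport, srv, svc) not in asked)
    # A "source" that gets far more bytes back than it sent is most likely a
    # spoofed victim address, not the party that actually sent the request.
    reflected = {ip: resp_out[ip] / req_in[ip] for ip in req_in
                 if resp_out[ip] / req_in[ip] >= min_ratio}
    return unsolicited, reflected

# Constructed sample data (documentation address ranges, not from the thread).
VICTIM, REFLECTOR = "198.51.100.10", "192.0.2.53"
VICTIM_EDGE = [
    (VICTIM, 40000, "203.0.113.1", 53, 60),      # genuine DNS query
    ("203.0.113.1", 53, VICTIM, 40000, 120),     # its answer
    ("203.0.113.7", 123, VICTIM, 80, 4400),      # NTP reply nobody asked for
    ("203.0.113.8", 123, VICTIM, 80, 4400),
]
REFLECTOR_EDGE = [
    (VICTIM, 80, REFLECTOR, 53, 64),             # spoofed: claims to be VICTIM
    (REFLECTOR, 53, VICTIM, 80, 3200),           # large answer sent to VICTIM
    ("203.0.113.20", 51000, REFLECTOR, 53, 60),  # ordinary client
    (REFLECTOR, 53, "203.0.113.20", 51000, 120),
]

if __name__ == "__main__":
    print(classify(VICTIM, VICTIM_EDGE))
    print(classify(REFLECTOR, REFLECTOR_EDGE))
```

Symmetric traffic with a service port on both ends (for example NTP 123 to 123) is counted as the host's own query here, so a production check would need per-packet direction or payload type.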
Hamzi Damzi sat on a wall…
Please correct me if I’m wrong, but isn’t the current L7 challenge kind of stupid?
Even by just completely guessing, there’s a 20 % chance of getting it right, after which you seem to gain access instantly, no matter what (if you’re right, of course)
I am sure Calin is throwing a celebratory party tonight. The battle between these two has been entertaining, this is just the icing on a juicy cake.
Nah, calin is busy to pay those instalments to crunch maister. More like @Andreix is smiling
Meanwhile @host_c and @Hosteroid are watching Florin and Calin from the background, facepalming.
So how is it now? Can you access it? 'Cause I cannot load a sh*te
No, I can't.
Why don't you fix it?
Your ACL prevents your own nameservers from serving public (ns1 and ns2 are not responding to the queries)
Pull the plug. Don't give satisfaction for skids.
best free anti ddos -> pull out all the cables
attacks again https://www.abuseipdb.com/check/188.241.240.3 ??
Yeah, and by what I remember from the thread where he first demonstrated it, ChatGPT was able to solve it instantly. While it failed to correctly identify the contents of the picture, it still picked the right combination, so any wannabe attacker would simply have to automate ChatGPT solving the challenge...