I have a single instance running on GCP which is right now suffering from a load-based DDoS. It’s a Debian-based instance proxying the traffic internally to a Geneweb daemon running on the same machine.
I recognized the server only answering with 503 Service Unavailable, which I assume is Apache still responding while the daemon just can’t handle the load.
GCP’s Monitoring shows the instance spike.
tailf error.log shows incoming traffic.
The instance is not load-balanced and has just default firewall rules. I’m rather inexperienced in advanced network administration, which is needed here.
Any hints? Recommendations?
I understand that GRE tunneling is very handy when sending the data back to the client after scrubbing because it’s designed to ensure that the data is sent reliably by initiating a private point-to-point connection. My question is, why is this needed? Why can’t the data be sent ‘normally’, via the internet? Will data get lost if sent via the normal way? Is it to be sure that the data isn’t intercepted over the internet?
The hosting (DDOS Protection) company https://ddos-guard.net/ is hosting the site <<snipped>> which is a phishing hub and ch… | Read the rest of http://www.webhostingtalk.com/showthread.php?t=1767314&goto=newpost
Is there any new software “command line downloader” able to support DDoS checkup? Wget, Curl, Aria2c… do not support DDoS protection checkup…
Description of the Situation:
Let’s say 1000 “known” clients/workers are collecting time-sensitive data from the field and sending it to a server. Therefore, we need to secure the server from DDoS attacks on a specific day and for a period of nearly 3 hours. A DDoS attack is expected during this process.
Question: What are the possible ways of securing this process for that critical period of time? Maybe load balancing + firewall for allowing only 1000 “known” IP addresses … etc?
A server in a data center is getting a volumetric DDoS attack. Congestion starts to build up and the data center/ISP is going to solve this by null-routing (RTBH routing) the server’s IP address for several hours. However, the attacks are much shorter, lasting for a couple of minutes.
A script running on the server, seeing the NIC maxed out, turns off the interface (or deletes the IP from the interface), and is about to turn it back on in a couple of minutes just to see if the storm is over.
Would turning the NIC off drain the congestion so the ISP would not act, and so the server gets through the pains by being unreachable only for the duration of the attack, not hours?
I know the router connected directly to the server replies back with an ICMP ‘Host Unreachable’, but what happens after that? Does that eventually trigger anything in the infrastructure between the server and its attackers?