Network under DDOS attack.

Discussion in 'other security issues & news' started by x942, Jul 5, 2011.

Thread Status:
Not open for further replies.
  1. x942

    x942 Guest

    Late last night (3:45 am) my network came under a DDOS attack. The attack is coming from a bunch of Chinese-based IP addresses (means nothing - could be botnet or proxies).

    The attack has been blocked by my hardware firewalls for the most part (using a D-Link router and AlphaShield FW and an Untangle FW). The issues occurred as so:

    My Untangle box is auto-banning the IPs but every time it seems like 4 more come back. I don't know why I am under attack or who is doing it, but should I just blacklist ALL Chinese-based IP addresses? Besides bandwidth issues my Untangle boxes are dropping all the packets pretty fast. I am worried the DDOS may be able to overwhelm my Untangle boxes and leave me either DOA or wide open to attack.

    Right now I am set up as so:

    Any suggestions? Should I ban the IPs at both Untangle boxes AND the router? I am thinking of calling my ISP too.
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Ban them all and wait it out.

    edit: Oh, and call your ISP.
     
  3. x942

    x942 Guest

    Thanks :thumb: I wasn't sure if there would be any bad side effects of doing this so I thought I'd ask :p I have never done a blanket ban on an entire country before. (Not that I have any software that is Chinese-based.)

    Going to ban and hide for now. Staying on high alert though. No clue why they are targeting me. Nothing of (real) importance is stored on my home network. Anything that someone would be after (besides personal information) would be secured at work (in a highly secure network where only a whitelist of IPs is allowed and everything is behind 3 FWs minimum). :thumb:
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    No idea. It happens though.

    Let your ISP know so they can work it out.
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  6. x942

    x942 Guest

    You may be right. I have been running them with internet and been publicly posting about it. Not that I am worried about posting it. If these attacks are a result (which they very well may not be) I am prepared and have set up a fail-safe IDS command that will upload all of my findings to a public drop box folder (same that I posted in that other thread) upon being hit by ANY sort of attack. *To avoid false positives the attack has to be considered a high risk.*

    As for my experiments I will post updates in that thread.

    DDOS update:

    Seems they are still trying but my global ban is stopping them. My ISP is talking with me almost every day now and they are trying to find a way to block them. Today it reached a new high point of 93 IP addresses DDOSing me. Seems like someone is using a botnet here (or renting one).
     