I've got some kids that are doing a ping and port flood attack. I noticed some slowness the other day, but chalked it up to some new legit website activity, but apparently, based on second-hand information, these jokers are trying to cause me some trouble. Since the first attack only slowed the server they are trying to get some more people together for the next attack.
What's my best option to deal with this? I've got T/C UNIX box. I need something cheap and easy hopefully. Thanks for any advice.
QUOTE (unixrules)
I've got some kids that are doing a ping and port flood attack. I noticed some slowness the other day, but chalked it up to some new legit website activity, but apparently, based on second-hand information, these jokers are trying to cause me some trouble. Since the first attack only slowed the server they are trying to get some more people together for the next attack.
What's my best option to deal with this? I've got T/C UNIX box. I need something cheap and easy hopefully. Thanks for any advice.
What's my best option to deal with this? I've got T/C UNIX box. I need something cheap and easy hopefully. Thanks for any advice.
Try ozone for a port based flood. Worked very well for me, I had floods of 60-300 Mbit, cut them down to 2-20 Mbit
, I think you will be very pleased with that it can do.
Thanks for the response, really appreciate the input. That sounds like a great option, I'm checking into it now.
A more fundamental question is how do I get some information about these kinds of things. I feel a bit blind at the moment, I can look at "top" and see the load is up, but nothing more specific than lots of httpd's perhaps, or try to peak at a few website server logs. And I can look at the bandwidth graphs in Orbit, and perhaps see a hill or spike in the usage, but how would I even know that port flooding was occuring, or excessive pings? So far, I'm just taking their word for what they were doing to my server.
A more fundamental question is how do I get some information about these kinds of things. I feel a bit blind at the moment, I can look at "top" and see the load is up, but nothing more specific than lots of httpd's perhaps, or try to peak at a few website server logs. And I can look at the bandwidth graphs in Orbit, and perhaps see a hill or spike in the usage, but how would I even know that port flooding was occuring, or excessive pings? So far, I'm just taking their word for what they were doing to my server.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.