How to mitigate spoofed attacks?!




Posted by alirezakaj, 01-16-2016, 12:37 PM
Hi, how do I mitigate DDoS attacks? What is the best way of protecting my servers? Tell me what is needed and the ways, step by step, as I am a newbie.

Posted by Swiftnode, 01-16-2016, 01:18 PM
First step, provide a dump of the attack or give us some information other than it being spoofed. (Nearly every common UDP attack at the moment is spoofed, and they're not a one click fix.)

Posted by alirezakaj, 01-16-2016, 02:11 PM
What do you need from me? The attack shows as a spoofed DoS kind, from 80 mb/s up to gig attacks. My servers' information: max: 680 mb/s dl speed & 400 mb/s upload; min: 124 mb/s dl and 70 mb/s upload; location: Iran.

Posted by Swiftnode, 01-16-2016, 06:58 PM
A dump via tcpdump/tshark/wireshark during the attack would be good. As a note, you won't be able to filter attacks that exceed the line speed with software firewalls. (iptables/windows firewall/etc)

Posted by alirezakaj, 01-17-2016, 03:55 AM
I tried Wireshark before; it won't show anything of the attack, as they are fake IPs *spoofed*, and my server goes down and resets, so I can't save the file and give it to you.

Posted by Swiftnode, 01-17-2016, 04:05 AM
Just because the source IPs are spoofed doesn't mean wireshark isn't showing anything useful. Try dumping the file over IPMI or set it up based on the current utilization of the NIC. (eg. >100mbps then dump)

Posted by alirezakaj, 01-17-2016, 04:50 AM
Just tell me the way to mitigate them! Why are we losing time to see some fake IPs in Wireshark? IDK what you need.

Posted by gnusys, 01-17-2016, 05:10 AM
Since the volume of the attack is high, you may need to host your server with people providing dedicated hardware DDoS protection systems. Also, you didn't say anything about the nature of the attack. If it's targeted at your application-layer web service, take a look at https://www.nginx.com/blog/mitigatin...nd-nginx-plus/ Note that software-based solutions have their limitations and you may not get complete protection with them.

Posted by Swiftnode, 01-17-2016, 05:11 AM
There isn't a way to mitigate all attacks with one method; without any details on the attack nobody can help you. A dump of the attack, or more details on the attack. It's not the spoofed IPs I'm interested in, it's the packet checksum, payload, source/destination ports, TTL value, length, etc. There's a lot more data than just source and destination IPs. You're the one asking for help, but with the information you've provided nobody can help you. There isn't a one-and-done method for resolving every possible attack.
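
The fields named in the post above (TTL, ports, length, payload), tallied from a capture to find values that stay constant while the source IPs vary. This is an added example, not part of the original thread; it assumes a little-endian classic pcap with untagged Ethernet/IPv4/UDP frames, and the sample capture, addresses and function names are constructed for illustration.

```python
import struct
from collections import Counter

def build_sample_pcap():
    """Constructed sample: 3 UDP packets, different source IPs, same sport/TTL/size."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, Ethernet
    srcs = (b"\xc0\x00\x02\x37", b"\xc6\x33\x64\x07", b"\xcb\x00\x71\x09")  # documentation ranges
    for i, src in enumerate(srcs):
        payload = b"TEST" + bytes(44)
        udp = struct.pack("!HHHH", 5000, 40000 + i, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), i, 0, 54, 17, 0,
                         src, b"\xc0\x00\x02\x0a")  # checksums left at 0 in this sample
        frame = bytes(12) + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def summarize(pcap):
    """Tally the non-address fields of every IPv4/UDP packet in the capture."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    stats = {k: Counter() for k in ("ttl", "sport", "dport", "ip_len", "payload_prefix")}
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 over Ethernet
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 17 or len(ip) < ihl + 8:
            continue  # not UDP, or truncated by the snap length
        sport, dport = struct.unpack_from("!HH", ip, ihl)
        stats["ttl"][ip[8]] += 1
        stats["sport"][sport] += 1
        stats["dport"][dport] += 1
        stats["ip_len"][struct.unpack_from("!H", ip, 2)[0]] += 1
        stats["payload_prefix"][ip[ihl + 8: ihl + 12].hex()] += 1
    return stats

def constant_fields(stats, share=0.9):
    """Fields where one value covers at least `share` of packets: filter-rule candidates."""
    out = {}
    for name, counter in stats.items():
        if counter:
            value, n = counter.most_common(1)[0]
            if n / sum(counter.values()) >= share:
                out[name] = value
    return out
```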

Posted by alirezakaj, 01-17-2016, 05:24 AM
So what is the next thing needed if we have the Wireshark file? I want to know whether I have what is needed to mitigate DDoS or not?! So tell me what is next; if I have them, I will check Wireshark then.

Posted by Afterburst-Jack, 01-17-2016, 10:40 AM
People here are helping you for free and have absolutely no obligation to help you; please keep that in mind. If you don't want to provide them the details they need to assist you, don't be surprised or angry when you don't get help. (Post a packet dump of the attack and try to be polite)


