Portal Home > Knowledgebase > Articles Database > DDoS question
DDoS question
| Posted by Looie, 12-28-2007, 10:32 PM |
| Just out of curiousity, what would happen if you changed the server IP to 127.0.0.1?
|
| Posted by david510, 12-28-2007, 11:53 PM |
| 127.0.0.1 is the localhost IP. Why would you need to change it?
|
| Posted by Xous, 12-29-2007, 02:34 AM |
| If you changed the dns name, assuming the DDoS used the DNS name and not set IP(s), the machines would probably try to "attack" themselves.
IMHO it is unlikely that the DDoS would use the dns name for your site.
Changing your dns to point to 127.0.0.1 would not really help you prevent or handle a DoS or DDoS because doing so would give them what they wanted in the first place -- your server offline.
|
| Posted by Looie, 12-29-2007, 12:47 PM |
| Yeah, I thought about them using the actual server IP after I posted the question
|
| Posted by jon-f, 12-29-2007, 01:40 PM |
| They would have to be hitting a particular domain before you could change dns to 127.0.0.1 for the bots to attack themselves.
True you may be giving them what they want by your server being down but in some cases this can work when they see their bots dropping like flies. But its just a constant state of dns resolution and downtime if you had to keep going back and forth doing it so the site would basically be down for a while.
In some cases though Ive seen attacking botnets get the dns turned around on them to localhost and it stop the attack. Usually have to keep it that way for a day or so then try to go back to normal.
Ive only had to do it on managment clients with unprotected servers or clients who couldnt upgrade to the needed protection.
But if its not consuming your pipe, just overwelming you at the server level there is hope depending on how much time you wanna spend. Changing http servers, tcp tuning, and firewall scripts can help mitigate or completely block the attack.
You would also have to have fair amount of resources to do this. I guess it all boils down to is if this is a client or one of your own sites. Whether you think its worth the work or not.
|
Add to Favourites 
Print this Article
Also Read
DDOS Victims (Views: 800)