

DDOS attack




Posted by lightmania, 05-03-2013, 04:31 PM
Hello everyone, my server is under DDoS attack right now through the TeamSpeak server application. As I was notified, its size is a 10mb attack, and it was still effective on the whole server and shut it down. The server is Windows, not Linux. I have some antivirus software but still no shit. Can anyone suggest anything useful I can try? Thanks.

Posted by nkawit, 05-03-2013, 05:32 PM
You probably want to contact your provider and ask them to assist, maybe they have DDoS gear as a service you can use.

Posted by incloudibly, 05-03-2013, 07:17 PM
There's not much you can do in the case of a distributed attack. Ask your provider if they have mitigation equipment on site. If not, look at the offers section for DDoS protection providers.

Posted by lightmania, 05-03-2013, 07:21 PM
Threshold FlowsDiff 40 flows/s, Diff: 140 flows/s
Sum 42.028 flows/300s (140 flows/s), 42.395.000 packets/300s (141.316 packets/s), 41,602 GByte/300s (1.136 MBit/s)

Some logs were given to me. I guess there is nothing I can do at this point but just wait till the attack stops? My provider can't do anything, only just wait... Would changing the IP help? Are there any companies that offer protection for the server, not the domain? Thanks.

Posted by jr0cks, 05-03-2013, 07:25 PM
I know SoftLayer uses Cisco Guard. Most bigger companies will offer this. The other solution is to use tcpdump and see what kind of attack it is... If they are just attacking a single port, block that port on your firewall. That doesn't mean it's going to stop it, but at least it doesn't help.

Posted by 0x01-Security, 05-04-2013, 12:55 PM
That attack is less than 5Mbps, upgrade to a 100Mbps or 1Gbps server and you should be good.

Posted by BlazinHosting1, 05-04-2013, 01:03 PM
Stopping a ddos can be annoying indeed.

Posted by Infinitnet, 05-04-2013, 01:15 PM
You could host your Teamspeak server at a provider who offers DDoS protection, or look for a provider who offers tunneling.

Posted by reto, 05-05-2013, 05:00 AM
Your attack is relatively small and it is strange that your host suspended you. What bandwidth limitations do you have for your server? Is there a way to upgrade to 100/1000 Mbps? The ideal solution here would be getting a DDoS protected dedicated server with 1Gbps uplink. Read carefully through the forums if you are going to change providers though. Lots of them offer no real protection at all and just nullroute you when there is an attack and wait till it's over.

Posted by Afterburst-Jack, 05-05-2013, 06:31 AM
No it isn't? It's over 1gbps.

Posted by BestServerSupport, 05-05-2013, 09:32 PM
If your provider cannot help you with this small DDoS attack, then it is better to shift your server to some other provider who can offer you an uplink of up to 1GBPS with DDoS protection.

Posted by DeltaAnime, 05-05-2013, 09:45 PM
Yea, I'm not seeing how someone could miss that point right in the header: 41,602 GByte/300s (1.136 MBit/s)
Francisco

Posted by 0x01-Security, 05-05-2013, 10:57 PM
I misread, thanks for pointing that out.

Posted by HydraBurx, 05-05-2013, 11:03 PM
You need to look for a provider that offers DDoS protection.

Posted by ClearDDoS, 05-06-2013, 06:09 AM
10Mb is a very small attack. It sounds like an HTTP GET/POST attack that causes your web service / database to hang. Please check netstat output.

Posted by Infinitnet, 05-06-2013, 06:23 AM
It's not 10Mbps, it's 1.1Gbps, as you would notice if you would have a look at the logs the OP posted.

Posted by ClearDDoS, 05-06-2013, 06:50 AM
Yes, "41,602 GByte/300s", it's about 1.1Gbps. Then the actual attack may be higher. You need to measure the attack size/type of attack, then find a solution.

Posted by DeltaAnime, 05-06-2013, 06:53 AM
Given it's over a period of 5 minutes it's likely about the peak. Francisco
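
The misreadings in this thread come from the report's number format, where "." groups thousands and "," is the decimal mark. As an added example (not part of the original thread), this Python sketch parses the posted summary line and recomputes the rate from the totals; the 1024 MByte-per-GByte factor is an assumption that reproduces the printed figure.

```python
import re

# Summary line copied from the flow report posted earlier in this thread.
SUM_LINE = ("Sum 42.028 flows/300s (140 flows/s), "
            "42.395.000 packets/300s (141.316 packets/s), "
            "41,602 GByte/300s (1.136 MBit/s)")

# <total> <unit>/<window>s (<rate> <unit>/s)
FIELD = re.compile(
    r"(\d[\d.,]*) (flows|packets|GByte)/(\d+)s \((\d[\d.,]*) \w+/s\)")


def eu_number(text):
    """Parse '42.395.000' or '41,602': '.' groups thousands, ',' is the decimal mark."""
    return float(text.replace(".", "").replace(",", "."))


def parse_summary(line):
    """Return {unit: (total, window_seconds, reported_rate)} per counter."""
    return {unit: (eu_number(total), int(window), eu_number(rate))
            for total, unit, window, rate in FIELD.findall(line)}


def derive(line, mbyte_per_gbyte=1024):
    """Recompute rates from the totals so they can be compared with the
    rates printed in the report. mbyte_per_gbyte=1024 is an assumption."""
    s = parse_summary(line)
    gbyte, window, reported_mbit = s["GByte"]
    packets = s["packets"][0]
    mbit_s = gbyte * mbyte_per_gbyte * 8 / window
    return {
        "mbit_per_s": mbit_s,
        "gbit_per_s": mbit_s / 1000,
        "reported_mbit_per_s": reported_mbit,
        "packets_per_s": packets / window,
        "avg_packet_bytes": gbyte * mbyte_per_gbyte * 1024 * 1024 / packets,
    }


if __name__ == "__main__":
    for key, value in derive(SUM_LINE).items():
        print(f"{key}: {value:,.1f}")
```

The recomputed rate matches the reported one only when "1.136" is read as one thousand one hundred thirty-six Mbit/s, which settles the reading of the header.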

Posted by Intreppid_Jonathan, 05-06-2013, 01:57 PM
10MB is a small attack just like everyone else has stated. If it's 1.1gbps then that's a whole new story. I would go with a reputable DDoS mitigation company if you can afford it, otherwise there is very little any other ISP will do for you, as sustaining 1.1gbps for a long period of time will cost the ISP more money than they are receiving from you and they will most likely null route you.

Posted by Afterburst-Jack, 05-06-2013, 01:58 PM
Read the traffic log. It isn't 10MB.

Posted by Intreppid_Jonathan, 05-06-2013, 02:01 PM
Was a stale comment sitting while I was doing some work, I edited the paste before you even commented, Thanks for that.


