DoS attacks a growing internet problem
Posted: 07 Jun 2007, 07:36
I thought it would be a good idea to start a new thread about this matter. We discussed this problem here:
https://ssl.trashmail.net/forum/viewtopic.php?p=356#356
--
Broken ADSL line, ok that's unfortunately quite normal.
But DoS attacks or even DDoS attacks?
Could you tell more about those? Because that's just the reason why another antispam site (spamgourmet) has been so badly broken for a long time. What kind of DDoS attacks are targeted at your system and how are you fighting those?
That matter has been quite much in public lately in Finland because of those Estonian and Finnish DDoS attacks. Some Estonian sites that usually serve 1000 users / day started to get 5 million hits per second. And that's quite a lot.
As far as I understood from the Spamgourmet attacks, spamgourmet resources were tied up using open SMTP sessions which didn't transmit any data, so the session is "tied" or just normally open until it times out. And depending on the settings that might be quite a long time. In that case it would be quite natural to first start limiting sessions / IP. At least my ISP does exactly that, allowing only 2 concurrent SMTP sessions per IP. At times that's quite annoying because I'm using NAT, and I would like to have more sessions. They fixed that problem after several queries.
I'm very interested in this matter. It depends on the type of attack whether moving to another location with a "great pipe" will bring any help. As a matter of fact it might even make the situation worse, if attacks are designed so that bandwidth isn't wasted but server resources are.
P.S. If you think that DoS / DDoS attack information is too sensitive for the public, please email me.
- Thank you!
Also see the following links:
http://www.grc.com/dos/grcdos.htm
http://www.grc.com/dos/drdos.htm
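
Added example, not part of the original post: a minimal sketch of the two controls the post discusses, a per-IP cap on concurrent SMTP sessions and an idle timeout that frees sessions which send no data. The class name, the limits and the addresses are constructed for illustration; the scenario also shows the NAT side effect the poster mentions.

```python
from collections import defaultdict

class SessionLimiter:
    """Admission control for a listener: per-IP concurrency cap plus idle reaping."""
    def __init__(self, max_per_ip=2, idle_timeout=30.0):
        self.max_per_ip = max_per_ip
        self.idle_timeout = idle_timeout
        self.sessions = {}                 # session id -> [ip, last activity time]
        self.per_ip = defaultdict(int)     # ip -> currently open sessions
        self._next_id = 0

    def accept(self, ip, now):
        """Return a session id, or None if this IP is already at its cap."""
        self.reap(now)                     # free timed-out slots before deciding
        if self.per_ip[ip] >= self.max_per_ip:
            return None
        self._next_id += 1
        self.sessions[self._next_id] = [ip, now]
        self.per_ip[ip] += 1
        return self._next_id

    def activity(self, sid, now):
        """Record that the client sent data, which resets its idle timer."""
        if sid in self.sessions:
            self.sessions[sid][1] = now

    def close(self, sid):
        entry = self.sessions.pop(sid, None)
        if entry:
            self.per_ip[entry[0]] -= 1

    def reap(self, now):
        """Close every session idle for idle_timeout or longer; return the count."""
        stale = [s for s, (_, t) in self.sessions.items() if now - t >= self.idle_timeout]
        for sid in stale:
            self.close(sid)
        return len(stale)

def simulate():
    lim = SessionLimiter(max_per_ip=2, idle_timeout=30.0)
    # Constructed scenario: one address opens 5 sessions at t=0 and never sends data.
    idle = [lim.accept("203.0.113.7", now=0.0) for _ in range(5)]
    # Three legitimate users behind one NAT address share the same cap.
    nat = [lim.accept("198.51.100.9", now=1.0) for _ in range(3)]
    lim.activity(nat[0], now=20.0)         # one NAT user is actually sending mail
    reaped = lim.reap(now=31.0)            # silent sessions have now timed out
    retry = lim.accept("198.51.100.9", now=31.0)
    return dict(idle_accepted=sum(s is not None for s in idle),
                nat_accepted=sum(s is not None for s in nat),
                reaped=reaped, nat_retry_ok=retry is not None,
                open_after=len(lim.sessions))
```

The cap bounds how many slots a single address can hold, while the idle timeout decides how long a silent session keeps its slot; the third NAT user is refused until a slot behind that address is freed.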