Hi,
I've been working the past 8 hrs combatting DDoS attacks on websites and
dedicated servers I host for clients.
They're hitting one specific IP address, but coming from thousands of external
IP addresses.
I use:
shorewall-4.0.10-3.noarch
How can I tackle this? I've blocked many subnets in
I'm aware of, but have never tried a technique called tarpitting that
is supposed to be very useful in your situation.
On Aug 29, 2009, at 1:18, Michael Mansour wrote:
> Hi,
>
> I've been working the past 8 hrs combatting DDoS attacks on websites
> and dedicated servers I host for clients.
>
--- On Sat, 8/29/09, Christ Schlacta wrote:
> I'm aware of, but have never tried a
> technique called tarpitting that
> is supposed to be very useful in your situation.
I think that the TARPIT target has made it into the latest kernels/iptables but
I haven't checked.
I don't know if shorewal
Vieri Di Paola wrote:
> --- On Sat, 8/29/09, Christ Schlacta wrote:
>
>> I'm aware of, but have never tried a
>> technique called tarpitting that
>> is supposed to be very useful in your situation.
>
> I think that the TARPIT target has made it into the latest kernels/iptables
> but I haven't
On Sat, 2009-08-29 at 01:18 -0700, Michael Mansour wrote:
> Hi,
>
> I've been working the past 8 hrs combatting DDoS attacks on websites and
> dedicated servers I host for clients.
>
> They're hitting one specific IP address, but coming from thousands of
> external IP addresses.
>
> I use:
>
Christ Schlacta wrote:
> I'm aware of, but have never tried a technique called tarpitting that
> is supposed to be very useful in your situation.
tarpitting a DDOS attack against a legitimate website takes the site
offline.
The TARPIT target is available in xtables-addons and it is easy to
cons
Hello,
I'm reading this guide on ipv6 (really just getting my "feet wet"):
http://www.shorewall.net/6to4.htm
In the section "Configuring IPv6 using my script" I can read that the IPv6
interfaces are:
INTERFACES="eth2 eth4"
and that correlates fine with the first diagram/figure.
However, further
Le 29 août 2009 à 10:18, Michael Mansour a
écrit :
> Hi,
>
> I've been working the past 8 hrs combatting DDoS attacks on websites
> and dedicated servers I host for clients.
>
> They're hitting one specific IP address, but coming from thousands
> of external IP addresses.
>
> I use:
>
>
I found the article I was reading before about a tarpitting solution
that doesn't simply take the website offline.
http://www.secureworks.com/research/threats/ddos/
Tom Eastep wrote:
> Christ Schlacta wrote:
>> I'm aware of, but have never tried a technique called tarpitting that
>> is suppose
I just lost all my shorewall6 configs and half my shorewall configs
because I forgot to add them to the NoUpgrade list before I upgraded.
I'm nearly in tears trying to fix it, and as always IRC support is
useless in finding a solution to prevent it from happening again..
---
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christ Schlacta wrote:
> I just lost all my shorewall6 configs and half my shorewall configs
> because I forgot to add them to the NoUpgrade list before I upgraded.
>
> I'm nearly in tears trying to fix it, and as always IRC support is
> useless in
Christ Schlacta wrote:
>I just lost all my shorewall6 configs and half my shorewall configs
>because I forgot to add them to the NoUpgrade list before I upgraded.
>
>I'm nearly in tears trying to fix it, and as always IRC support is
>useless in finding a solution to prevent it from happening again.
archlinux. and usually upgrading /etc by default is a good thing since
most configs don't get changed by users and are essential to be up to
date.. some packages have a backup section in their packages that
specify files that may be modified by the users. shorewall isn't one of
them. I had
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christ Schlacta wrote:
> archlinux. and usually upgrading /etc by default is a good thing since
> most configs don't get changed by users and are essential to be up to
> date..
I think the notion of replacing a config file on an upgrade is
complete
I'm familiar with backup procedures and systems, and have been pushing
my wife (this is my home system) to let me buy or build one for quite
some time, unfortunately it's simply not in the budget, whereas any
downtime up to about three days is. that's how long it owuld take me to
reestablish i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vieri Di Paola wrote:
> Hello,
>
> I'm reading this guide on ipv6 (really just getting my "feet wet"):
> http://www.shorewall.net/6to4.htm
>
> In the section "Configuring IPv6 using my script" I can read that the IPv6
> interfaces are:
> INTERFACES=
From: Christ Schlacta [aarc...@gmail.com]
Sent: Sunday, 30 August 2009 5:48 AM
To: Shorewall Users
Subject: Re: [Shorewall-users] sad story:(
I'm familiar with backup procedures and systems, and have been pushing
my wife (this is my home system) to let me b
17 matches
Mail list logo
