Under DDOS Attack

  1. #1
    Registered User L15ard's Avatar
    Join Date
    Apr 2001
    Location
    Newcastle, England
    Posts
    83

    Under DDOS Attack

    Our website is under DDOS attack, and whilst ZA pro is blocking all the requests for port 137, it still renders the website inaccessible. We have a Linksys router; is there any way to bounce these requests at the router?

  2. #2
    Driver Terrier NooNoo's Avatar
    Join Date
    Dec 2000
    Location
    UK
    Posts
    31,824
    If you have proof then your ISP should be able to block it at their routers.

  3. #3
    Registered User Gollo's Avatar
    Join Date
    Sep 2001
    Location
    Grand Rapids, Michigan US of A
    Posts
    2,383
    Gotta agree with Noo on this one. If you had a decent router (not a home gateway like you have there) then you could block the IP or range of IPs (depends on the situation).

  4. #4
    Registered User L15ard's Avatar
    Join Date
    Apr 2001
    Location
    Newcastle, England
    Posts
    83
    We're gonna try a packet sniffer and get the true source of the attack and inform his/her ISP. Thanks for your input. BTW things seem to have calmed down now, maybe he/she knows we're onto em???

  5. #5
    Registered User silencio's Avatar
    Join Date
    Sep 2000
    Location
    Savannah
    Posts
    3,960
    If you are indeed under a DDOS attack an IP will do zero good. The first D in DDOS is for Distributed. That means that the attacker is utilizing a number of zombies. That means you'd have to block hundreds or thousands of IPs or networks AT THE ISP. No ISP is going to do that. If it's just one dude attacking you it's simple to block the IP and if you keep your logs you can sue the bastage.

  6. #6
    Driver Terrier NooNoo's Avatar
    Join Date
    Dec 2000
    Location
    UK
    Posts
    31,824
    Originally posted by silencio
    If you are indeed under a DDOS attack an IP will do zero good. The first D in DDOS is for Distributed. That means that the attacker is utilizing a number of zombies. That means you'd have to block hundreds or thousands of IPs or networks AT THE ISP. No ISP is going to do that. If it's just one dude attacking you it's simple to block the IP and if you keep your logs you can sue the bastage.
    Indeed, but the ISP should be involved as it's running up the bw for this site through no fault of their own.... I was thinking along the line of what Steve Gibson did when his site was attacked... www.grc.com

  7. #7
    Registered User L15ard's Avatar
    Join Date
    Apr 2001
    Location
    Newcastle, England
    Posts
    83
    And disassembling a packet and comparing the IPs is always a good thing to do, as like you say they do use zombies, but there may be info in there that leads to the perp...

  8. #8
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    Originally posted by NooNoo
    Indeed, but the ISP should be involved as it's running up the bw for this site through no fault of their own.... I was thinking along the line of what Steve Gibson did when his site was attacked... www.grc.com
    I believe Noo has it right here. He should call his OWN ISP and have those packets blocked; the ISP has a much broader trunk for internet access and is therefore much much more difficult to get knocked off by a DDOS attack. What you need to do is determine what type of packets are knocking you offline, find out what you want blocked and have an ACL put on the router to block that info (ACL, Access Control List).
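
Added example, not part of the thread or written by any poster: a small triage script for the step discussed above, working out which packet type is flooding the site and whether it comes from one source or many before asking the ISP for a filter. The log format, the sample addresses and the 0.8 threshold are assumptions made up for the illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in a made-up "proto src:sport > dst:dport" format
# (documentation address ranges; UDP for port 137 is assumed here).
SAMPLE = """\
udp 198.51.100.7:1026 > 192.0.2.10:137
udp 198.51.100.9:1031 > 192.0.2.10:137
udp 203.0.113.44:1025 > 192.0.2.10:137
udp 203.0.113.80:4402 > 192.0.2.10:137
udp 198.51.100.23:1027 > 192.0.2.10:137
tcp 203.0.113.5:50211 > 192.0.2.10:80
garbage line that should be skipped
"""

LINE = re.compile(
    r"^(tcp|udp|icmp)\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+>\s+(\d+\.\d+\.\d+\.\d+):(\d+)$"
)

def summarize(text):
    """Group packets by (proto, destination port) and count them per source IP."""
    flows = defaultdict(Counter)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that do not parse
        proto, src, _sport, _dst, dport = m.groups()
        flows[(proto, int(dport))][src] += 1
    return flows

def triage(flows, single_source_share=0.8):
    """Pick the busiest flow and report whether a single source dominates it."""
    if not flows:
        return None
    key, sources = max(flows.items(), key=lambda kv: sum(kv[1].values()))
    total = sum(sources.values())
    top_src, top_count = sources.most_common(1)[0]
    # Assumed rule of thumb: below the threshold, treat the flood as distributed.
    distributed = top_count / total < single_source_share
    return {
        "proto": key[0], "dst_port": key[1], "packets": total,
        "unique_sources": len(sources), "distributed": distributed,
        # Per-IP blocking only makes sense when one source dominates;
        # otherwise the filter has to match the packet type instead.
        "filter_on": f"{key[0]}/{key[1]}" if distributed else top_src,
    }

if __name__ == "__main__":
    print(triage(summarize(SAMPLE)))
```

The `filter_on` value is what goes into the request to the ISP: a protocol and port when the sources are spread out, a single address when one host is responsible.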
