DDOS attack!

Rob
Toughbooktalk Founder
Posts: 3575
Joined: Mon Mar 16, 2009 8:23 pm

DDOS attack!

#1 Post by Rob »

Most people won't see this, but if you do, I am working on a series of DDOS attacks that is bringing the 1GB fiber line to a halt. They are attacking the gateway which is affecting the firewall(s) behind it!

More to come later.

So done with this game.

Thanks!
~Rob - Vice President - Rugged Depot~
~Cell: (630)/300-8877~
~Owner - Toughbooktalk~
~Fully rugged Toughbook user since April 18th 2005~
~FZ-40ACAAHKM - Primary Toughbook / Workstation as of 7/29/22
~Win10 Pro (Win11 DG), Intel Core i5-1145G7 (up to 4.4GHz), vPro, 14.0" FHD Gloved Multi Touch, 16GB, 1TB Samsung SSD, Intel Wi-Fi 6, Bluetooth, 4G EM7690, GPS, Quad Pass (BIOS Selectable), Mic and Infrared 5MP Webcam, Standard Battery, TPM 2.0, Emissive Backlit Keyboard, Dual Batteries, USB A + HDMI + Serial X-PAK, Shoulder Strap, Flat~
~AT&T Business 1GB Fiber 1GB/1GB business static line~
~Gamber & Johnson Platinum Partner~

http://www.toughbooktalk.com
http://downloads.toughbooktalk.com/
http://www.rugged575.com - 300' UHF GMRS Radio Repeater
http://www.crete600.com - 310' UHF Linked GMRS Radio Repeater


~Emergency preparedness starts with reliable communication systems above all. Pretend the internet and cell phones didn’t exist, how will you communicate? If you’re interested in learning more, ask me!~

Shawn
Posts: 2960
Joined: Fri Jan 18, 2013 11:35 am

Re: DDOS attack!

#2 Post by Shawn »

Keep pluggin on...
Life will beat you into submission.

kardan
Posts: 59
Joined: Fri Dec 10, 2010 9:38 pm

Re: DDOS attack!

#3 Post by kardan »

Rob,
Thanks for all the hard work you put in on this. It is much appreciated!

In a few more years you can get your little ones to help out...a virtual version of "taking out the trash for Dad".

Brian
CF-31XFLAXLM -- CF-31SBLEC1M -- CF-31JBEGA1M
CF-30KCPAQ2B -- CF-30CCR02BM
CF-19CJBLXBM -- CF-29NTWGZBM
MEMBER: Notebook Review
http://www.thessdreview.com

Rob
Toughbooktalk Founder
Posts: 3575
Joined: Mon Mar 16, 2009 8:23 pm

Re: DDOS attack!

#4 Post by Rob »

Update:

The fiber box crashed this morning from another DDOS attack. I have enabled the 30 day free trial of the IDP which should stop this. If we need it, it's $130 for 2 years so thankfully it's cheap! :)

This should also help with the viruses and PHP injection! Only time will tell though!

Thanks!

Shawn
Posts: 2960
Joined: Fri Jan 18, 2013 11:35 am

Re: DDOS attack!

#5 Post by Shawn »

what is IDP?
Link?

Rob
Toughbooktalk Founder
Posts: 3575
Joined: Mon Mar 16, 2009 8:23 pm

Re: DDOS attack!

#6 Post by Rob »

https://www.zyxel.com/products_services ... n/benefits

I ordered a backup fiber gateway too because I'm pretty sure they broke the one with the hammering of it... I had to manually power cycle it TWICE today.

We shall see! :(

Shawn
Posts: 2960
Joined: Fri Jan 18, 2013 11:35 am

Re: DDOS attack!

#7 Post by Shawn »


Karl Klammer
Posts: 193
Joined: Tue Oct 13, 2015 3:19 am
Location: Old Europe

Re: DDOS attack!

#8 Post by Karl Klammer »

This thread seems to tell four different stories, so far.
Rob wrote:... 1) bringing the 1GB fiber line to a halt.
... 2) They are attacking the gateway which is affecting the firewall(s) 3) behind it!
... 4) I have enabled the 30 day free trial of the IDP which should stop this.
I'm doing network stuff for a living and I just can't wrap my head around how any of the 4 scenarios could possibly benefit from an idps:
how would installing an idps on the firewall lessen the stress on the fiber / gateway in front of it?
how would enabling an idps (network virus scanner) not reduce throughput?

==> what exactly is the problem you're trying to solve?
what's the bottleneck (bandwidth,cpu,disk,mem) on which host / link?

Rob
Toughbooktalk Founder
Posts: 3575
Joined: Mon Mar 16, 2009 8:23 pm

Re: DDOS attack!

#9 Post by Rob »

Karl,

It won't help the gateway! I'd have to get something to put in front of it.

Karl Klammer
Posts: 193
Joined: Tue Oct 13, 2015 3:19 am
Location: Old Europe

Re: DDOS attack!

#10 Post by Karl Klammer »

the bottleneck question remains unanswered.

just to give it one more try:
do you do dynamic routing as in ospf/bgp?
if yes: why not propagate a blackhole route for the offending source ips to your upstream isp and let them deal with it?
(remember to flush offenders list after some time, otherwise you might make it way worse)

if your isp won't allow you to talk bgp/ospf:
why not rent 1 or 2 cheap vservers w unlimited traffic (cheaper than idps licensing), setup (open)vpn between local firewall and vservers; setup dns round-robin TBT to vservers, get a new fiber public ip (unknown to bad boys) and do the null routing via (open)vpn client routes pushed to vservers? https://www.leaseweb.com/en is a good netherlands-based isp for such things. 5eur/month vservers, 50eur/month cdn. cheaper offers will most likely also exist someplace else.

better answers will also most likely exist ... once the actual problem / bottleneck has been identified and communicated.
(a network topology map would probably also help, big time)
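
The offenders list with a timed flush that post #10 describes, as an added example that is not part of the original thread or any poster's own code. It emits local iproute2 blackhole commands only (announcing routes to an upstream ISP is router-specific and not shown); the TTL, the protected ranges and the class and method names are assumptions made for illustration.

```python
import ipaddress

# Constructed defaults (assumptions, not values from the thread).
DEFAULT_TTL = 3600  # seconds an offender stays null-routed
PROTECTED = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "10.0.0.0/8")]


class BlackholeList:
    """Tracks offending source IPs and emits iproute2 commands with expiry."""

    def __init__(self, ttl=DEFAULT_TTL, protected=PROTECTED):
        self.ttl = ttl
        self.protected = protected
        self.expires = {}  # ip address object -> expiry time (epoch seconds)

    def _route(self, verb, ip):
        prefix = f"{ip}/{ip.max_prefixlen}"  # /32 for IPv4, /128 for IPv6
        family = "-6 " if ip.version == 6 else ""
        return f"ip {family}route {verb} blackhole {prefix}"

    def add(self, source, now):
        """Null-route one source; returns the command, or None if nothing to do."""
        ip = ipaddress.ip_address(source)  # raises ValueError on malformed input
        if any(ip in net for net in self.protected):
            return None  # never blackhole our own or allowlisted ranges
        is_new = ip not in self.expires
        self.expires[ip] = now + self.ttl  # a repeat offender has its timer reset
        return self._route("add", ip) if is_new else None

    def flush_expired(self, now):
        """Remove entries past their TTL; returns the matching delete commands.

        Without this step the list only grows, and addresses that stopped
        sending attack traffic long ago stay dropped.
        """
        stale = sorted((ip for ip, t in self.expires.items() if t <= now), key=str)
        for ip in stale:
            del self.expires[ip]
        return [self._route("del", ip) for ip in stale]
```

Run `flush_expired` from a periodic job with the current time and execute the returned commands; `add` is called by whatever detection step identifies an offending source.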
