DoS Attacks.

[dobledosis]

Hi, my company is under heavy DoS attack. The attack consist in malformed UDP packets, usually to port 53, 15 minutes every night and sometimes the attack don't stop, so we have to remove the affected ip.

The attacker ip are always from hosting companies worldwide. We have been denouncing abuse but always appears new compromised servers.

We think this is a direct attack to shut down our company since servers do not respond with packets to the attacks.

The company that provides us the connectivity service can not handle 300Mbps of attacks so the service becomes saturated, the bandwith is very expensive in Argentina compared with other countries.

 

There is something we can do? Do you know some automatic system for removing the affected ip when an attack is detected?

We are working serious and in Argentina most of the gaming services are handled by two companies, so we think it's the competence, since the attacker gains nothing but shuting down us.

 

I will be very thankful for any information you can give me.

Thanks!

[CobbyJUK]

get a hardware firewall.

[Admin-Nation-Servers]

Sure get a hardware firewall that will protect the servers from crashing/overloading, however, you will still have the bandwidth problem

[shapka]

yes you actualy can do one thing ( bad one )

ddos all argentina companies ...

analize the reaction )

[dobledosis]

We have firewalls, the last attack didnt reach our servers, it just saturated the bandwith.

[Bubka3]

Well, if you have firewalls, your going to either null route the IP, or eat the bandwidth costs.

[Admin-Nation-Servers]

Either way you will eat some bandwidth, discarding the packets on the managed router will secure the servers. You can create an ACL to match the offending IP or blocks of IPs or just block the specific UDP port 53