Questions tagged [ddos]
Distributed Denial Of Service (DDOS) is the intentional paralyzing of a computer network by flooding it with data sent simultaneously from many individual computers (so-called zombies) which are used to stage DDOS attacks.
506 questions
1 vote, 1 answer, 149 views
Potential Linux.Xor.DDoS - chkrootkit
I have a Debian server, and I was recently contacted by my hosting provider that my server is being used to DDoS people/servers. Is this the cause?
Searching for Linux.Xor.DDoS ... INFECTED: Possible ...
1 vote, 0 answers, 366 views
How to diagnose a DDOS on a home network?
I'm a user with a consumer level modem and a plain wifi router.
I have been seeing activity where for long periods of time overnight, my internet connection will shut off for 10-20 minutes at a time. ...
0 votes, 1 answer, 151 views
I am being attacked by a DDoS tool. How do I defend against it? [closed]
I used Cloudflare's WAF and created several rules to allow only a few countries to access, deny access to old browsers, and started hosting rules. Although the defense was successful, my website was ...
0 votes, 0 answers, 31 views
Router getting several port scans and DOS a minute from foreign IPs. Should I be worried? [duplicate]
What Happened:
I was looking at the logs in my router and saw that suddenly I started getting warnings about "port scan attacks" and "DDOS attempts" every few seconds from my ...
0 votes, 1 answer, 189 views
How to prevent spam attacks from rotating proxies
My website has hundreds of thousands of HTML pages that are open to the public. Each time an HTML page is requested, a call will be made to my database to get the correct data. Therefore the cost of each ...
0 votes, 0 answers, 97 views
How to handle Microsoft FTP server being DDoSed
We noticed FTP service going down intermittently in the server and we found an FTP user was used to DDoS the server. Then we deleted the specific user from the server. After that the user "...
1 vote, 0 answers, 103 views
DDoS attack on the ISP [closed]
I need help in controlling my ISP from DDoS attacks. It's happening for almost a month, almost every day, bringing down the ISP for 4 to 5 hours, sometimes for the whole day. Can anyone help or guide what ...
1 vote, 0 answers, 162 views
Code to detect HTTP/2 Rapid Reset Attack vulnerability
Is there code/library to detect this vulnerability? I have been searching online and do not find any.
We are using Cloudflare which has fixed the issue but government says "we may" have the ...
0 votes, 1 answer, 237 views
Key difference between DoS & DDoS [duplicate]
What are the key components that define them and what are the differences? Is there any standard structure of it? I've looked at several papers, and some of them use them as the same, and some of them are ...
1 vote, 0 answers, 321 views
How can I verify that my DoS attack is effective?
I was trying to simulate a DoS attack on the CORE network emulator using hping3 (Ubuntu). The topology is like three PCs connected by a router. The client's IP is 10.0.0.20/24, the server's IP is 10.0....
3 votes, 0 answers, 138 views
Can botnets/malicious traffic be effectively reduced on my exit nodes?
I host a small collection of TOR exit nodes to the clear net. Believe it or not, the number one complaint I get in my inbox is not due to illegal materials coming through the nodes (of which I have ...
2 votes, 0 answers, 2k views
Checking IP's reputation on CloudFlare and Google [closed]
Google and CloudFlare have recently indicated that my home IP address is contributing to a DDoS or spam network.
I am frequently being checked (What is the website checking about my browser to protect ...
2 votes, 1 answer, 235 views
How to avoid breaking end-to-end encryption while employing cloud-based DDoS protection?
I have a few websites and apps that I need to protect from DDoS attacks. These websites and apps are delivered by various servers that sit in several small data centers around the world.
I'm thinking ...
0 votes, 1 answer, 141 views
ICMP smurf attack
I am learning about ICMP smurf attack and for this, I have forged a packet with the following details:
source_mac_address = **??**
destination_mac_address = router mac address
char ...
0 votes, 3 answers, 245 views
Avoid checking passwords for dos attacks
A server gets requests with a username and password. Checking the password can be expensive, so a hacker can do a DoS attack by sending lots of requests with random passwords. No attempt to break in, ...
0 votes, 1 answer, 1k views
Does a DDoS Attack affect the internet connection apart from the service it's attacking?
Lately I've been experiencing some crashes related to my internet connection, I'm in the process of pinpointing what is causing the issue and one of those possible causes might be a DDoS attack, ...
1 vote, 1 answer, 405 views
Is my website under attack?
I have a web server. I was investigating why my nginx keeps crashing. I noticed a few other issues in my logs.
Note: In the log report, I replace the name of my website with example.com and my second ...
0 votes, 1 answer, 1k views
Is using route 53 from AWS sufficient for DDOS protection on DNS level, or do you need to combine it with other AWS products
We have been targeted by DNS DDOS attacks. We have now migrated to AWS Route53 as these DNS servers are more resilient.
Is using AWS Route 53 enough to have basic DDOS protection? Or is it necessary ...
0 votes, 1 answer, 287 views
If I create multiple sockets on a single IP and create a connection with the server with each of them, can I do a DDoS?
So basically, if the server is let's say Apache or any other thread based server, so if I create multiple sockets on my machine and request the server until all of its threads get exhausted and try to ...
2 votes, 3 answers, 816 views
Limit REST API calls by fingerprinting and IP
I have a question regarding request limits for a REST service endpoint.
I think of course the most basic identification used to limit requests is by taking the user's IP address, but what if we have ...
1 vote, 2 answers, 326 views
Is Stack Exchange immune to DDoS and DoS attacks?
I have heard that DDoS and DoS attacks work most of the time and that they are used when SQL insertion and other methods fail. I know Stack Exchange has a lot of programmers, and that they have this ...
1 vote, 0 answers, 97 views
Opencart website getting request from random subdomains (DDoS)
We have an Opencart 3.0.3 website which is getting DDoSed, we then migrated it to AWS and noticed the same thing happening, we blocked access from all other countries except US & Canada. For admin ...
0 votes, 1 answer, 92 views
DDoS throttling vs deny actions
Recently I saw the Google Report about the DDoS Attack that they managed to stop. In the report, they said,
"They chose the ‘throttle’ action over a ‘deny’ action in
order to reduce chance of ...
1 vote, 1 answer, 1k views
How to protect home network from DDoS attacks when assigned a static IP that is already known to attackers?
Is there something I can do in this case? My ISP says they cannot assign me a different IP. At this stage a VPN no longer helps, correct?
2 votes, 1 answer, 461 views
What happens to malicious traffic in a scrubbing center during a DDoS attack?
My understanding of a scrubbing center is when a DDoS is underway, all traffic gets routed to a scrubbing center where traffic is analyzed and all legitimate traffic is then sent to the targeted ...
0 votes, 1 answer, 371 views
How might I rate-limit in nginx against a distributed attacker that has set the number of parallel connections in xerxes to 1?
An attacker tweaks xerxes by setting the number of CONNECTIONS in xerxes to 1 instead of 8, like so:
#define CONNECTIONS 1
They then attack with xerxes-executable mydomain 433.
Their strategy is to ...
1 vote, 0 answers, 122 views
What other than ping tools might be suitable for overwhelming a server that has disabled its functionality of being pinged? [closed]
The following code:
#!/usr/bin/bash
TARGETS=("nalog.gov.ru" "www.nalog.gov.ru"
"customs.gov.ru" "www.customs.gov.ru"
"ffs.ru" "www.ffs.ru"
...
-1 votes, 2 answers, 388 views
How would routing DDoS attacks over Tor increase effectiveness?
In recent days, stackexchange has been hit by a series of DDoS attacks, leading to the blocking of Tor exit nodes.
I'm curious how a DDoS attack would be more effective when routed over Tor. From ...
0 votes, 1 answer, 204 views
Why do DDoS attacks spoof DNS source IPs?
Recently, a lot of my friends have been talking about botnets. They said they've created their own. Obviously, I know this is all illegal so I try not to take part in any of it.
But I've been ...
1 vote, 0 answers, 111 views
How are DDOS protection mechanisms setup when confidential data is involved?
Scenario:
A hospital has the records of all patients. There is an online portal where patients can login to see their personal medical data.
Since a hospital is an obvious target for any type of hack, ...
0 votes, 1 answer, 437 views
Basic explanation for why I'm getting different IP addresses when querying for users IP W/without VPN?
I'm trying to work out some basic knowledge of rate-limiting for my server security so I know how it works. Seems pretty simple as there are different algorithms as well as IP limiting methods. This ...
2 votes, 0 answers, 181 views
I'm receiving a DDOS attack. What to do? [duplicate]
Yesterday, my website bandwidth got over. After seeing the logs I saw this
This request came every 1 second (Different IP's).
Luckily I use Cloudflare. So my question is what are the other things ...
2 votes, 0 answers, 331 views
How to stop a DDoS attack that brought down my ISP
I'm a streamer and I guess I'm a good target for DDOS'ers. Those bad people know my ISP (but they don't know my IP address - ISP changed that for me when the first attack happened). It's a small local ISP ...
-1 votes, 1 answer, 219 views
Is it safe to conduct a DDoS attack on a live server?
I am new to the cybersecurity industry. I want to try if the company server is vulnerable to a DDoS attack. Is it possible to conduct a DDoS attack without damaging the live server?
What I mean is, my main ...
28 votes, 6 answers, 18k views
Someone knows my IP and is threatening to DDoS me
Around 4 months ago, someone learned my IP, and is threatening to DDoS attack me if I am not his slave. He was breaking the Discord TOS with all kinds of stuff in my DMs. I blocked him, but one of his ...
0 votes, 1 answer, 233 views
Block API calls from app to stop DDoS attacks
Recently we had a discussion about the security of a mobile app we are working on. The security team requested that if a user is blocked (due to many failed login attempts), then the back-end should ...
27 votes, 2 answers, 9k views
How is Google abused for DDoS attacks?
While analysing a DDoS attack on my site using CloudFlare console, I've noticed that many attack requests come from AS139190 GOOGLE-AS-AP Google Asia Pacific Pte. Ltd. with Empty user agent.
I'm ...
1 vote, 0 answers, 234 views
Duplicate client ids - possible ddos on rabbitmq
We are using RabbitMQ 3.9.5
There are a number of MQTT users that are being created. Each of these users is allowed to send data to its own topic. These users are not supposed to see data of other ...
1 vote, 1 answer, 492 views
Why are Bogons preferred in DDoS attacks?
I am currently reading literature that states that Bogons are commonly used by attackers when conducting DDoS attacks. I did some searching for an explanation and all I could find was that "...
1 vote, 1 answer, 249 views
Is a private VPS without a domain name and http entry likely to get DDOS'd for more than 5 hours?
I have written lots of client-side code but with no server-side experience, and I am planning to get a VPS for a new project. The VPS will receive encrypted data directly from a distributed program ...
34 votes, 4 answers, 13k views
Is serverless code immune to DDoS attacks?
In classic hosting we have a virtual machine with limited resources allocated by hosting provider for running our web application. But with serverless code such as AWS Lambda or Azure Functions, our ...
1 vote, 2 answers, 204 views
Are high traffic apps and websites used in DDoS attacks?
Isn't it very simple for one rogue programmer in a big institution to add a small code change in the application/website thereby sending unintended HTTP DDoS attacks? Like is it possible for Tiktok/...
1 vote, 1 answer, 128 views
DDoS might be very unlikely to happen to my website but in any case a CDN that should protect from it slows my website [closed]
I humbly assume that DDoS is very unlikely to happen to my website.
A CDN that should protect from it slows my website according to my personal experience and tests (perhaps only because of the ...
0 votes, 1 answer, 454 views
DDOS interrupted by nmap?
I discovered one of my machines was under an ssh DDOS attack when I was looking at logs to find out why my disk was slow. The auth log was about 90M, which is kind of unusual for this machine.
I ran ...
2 votes, 1 answer, 356 views
How do I differentiate a DDoS attack from a DoS attack?
My server is under attack on a specific port but I am confused whether it is a DDoS attack or a DoS attack (if it requires a botnet or is using some kind of trick). The entire server is available (...
1 vote, 0 answers, 205 views
IPSec MTU DDoS attack
I have this configuration:
HOST-A <---> GAT-A <---> MiTM <---> GAT-B <---> HOST-B
I'm doing a security project on MTU-IPsec vulnerabilities and following this guide of Hal-...
0 votes, 0 answers, 112 views
What is the greatest factor in DoS network flow connection tempo?
I'm conducting some research on botnet detection. I'm specifically looking at Zeek/Bro connection logs (so network flows). I was wondering what affects the tempo of the succession of network flows ...
0 votes, 1 answer, 222 views
Why ACK flood is effective?
I understand that SYN flood is effective due to how protocol works, waiting around 75 seconds before closing the connection.
What about ACK flood, what happens on the destination side that ...
1 vote, 1 answer, 197 views
Making website queries and return a large amount of data, can it be exploited for DOS attack?
I am testing a website (bug bounty website) and found an endpoint like replycomment?cmt_id[]=1. When opened in a browser, this endpoint lets me reply to comment with id 1 by fetching this comment into a ...
12 votes, 4 answers, 4k views
Webserver DDOS protection without giving away private keys (https, tls, ssl)
What are the possible ways to protect an organization's web servers from a DDoS attack without giving away your web server's https private keys?
Many of the common solutions for DDoS protection of a ...