Did you try calling your ISP and asking if they have a DDoS mitigation/protection system or service?
-n

On Tue, Feb 22, 2011 at 12:29 PM, Justin Ellison <[email protected]> wrote:
> Hi all,
> Well, don't I feel "special" - we're being hit with the first DDoS in
> company history. While I'm no stranger to what they're about, I've never
> actually experienced one before. I'm aware of how most of them have an IRC
> command channel, and that without reverse-hacking and potentially breaking
> some laws I won't be able to determine the source.
> Initially, to get the site back up, I ended up blocking APNIC, RIPE, etc
> (anything not ARIN), which worked, but we do some international sales, so
> that's not a long term solution.
> For phase 2, I hacked a quick script that examines our webservers' last 20K
> Apache log entries, and looked for the behavior of hitting the home page > 100
> times without hitting any other pages in those 20K entries. I then
> wrote an expect script that takes those IP's and adds them to the shun list
> on our ASA's.
> This is working for now, and our shun list is at 5K IP's and growing.
> However, my script has some inherent latency in it, and is not what I'd
> call "production material". It was hacked together at 3am and I'm shocked
> it even runs at all.
> So, with that in mind, how do people who see these type of things frequently
> deal with them? Another company we deal with has recommended we get in
> touch with RioRey and Radware -- I've never dealt with either of them. In
> fact, I hadn't even heard of RioRey until today.
> Also, are there any "known zombie" blacklists out there that are fairly
> reputable?
> Sorry if I'm rambling, but I'm running on caffeine and cold medications at
> this point. I'd love any tips/pointers anyone of you could share.
> Justin
>
> _______________________________________________
> Discuss mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
>

--
-------------------------------------------
nathan hruby <[email protected]>
metaphysically wrinkle-free
-------------------------------------------
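The log check described in the quoted message (more than 100 home-page hits with no other page requested in the last 20K Apache entries), as an added example that is not part of the thread or of Justin's script. The function name, the log-format regex, the choice to ignore query strings on the home page, and the sample lines are all assumptions.

```python
import re
from collections import Counter, deque

# Apache common/combined log prefix:
# client IP, ident, user, [time], "METHOD path proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" \d{3} ')

def home_only_clients(lines, window=20000, threshold=100, home="/"):
    """Return IPs with > threshold home-page hits and no other path in the window."""
    recent = deque(lines, maxlen=window)      # keep only the last `window` entries
    home_hits = Counter()
    saw_other = set()
    for line in recent:
        m = LOG_RE.match(line)
        if not m:
            continue                          # skip truncated or malformed entries
        ip = m.group("ip")
        # Assumption: "/?anything" still counts as the home page.
        path = m.group("path").split("?", 1)[0]
        if path == home:
            home_hits[ip] += 1
        else:
            saw_other.add(ip)                 # fetched a page or asset: not home-only
    return sorted(ip for ip, n in home_hits.items()
                  if n > threshold and ip not in saw_other)

def sample_log():
    """Constructed sample data (documentation-range IPs), not real traffic."""
    fmt = '{ip} - - [22/Feb/2011:03:00:00 -0600] "GET {path} HTTP/1.1" 200 5120'
    lines = [fmt.format(ip="198.51.100.7", path="/products")]
    lines += [fmt.format(ip="198.51.100.7", path="/")] * 120   # busy but browsed
    lines += [fmt.format(ip="192.0.2.10", path="/?ref=1")] * 150  # home page only
    lines += [fmt.format(ip="203.0.113.5", path="/")] * 100    # exactly at threshold
    lines.append("truncated or malformed entry")
    return lines

if __name__ == "__main__":
    for ip in home_only_clients(sample_log()):
        print(ip)
```

A client that requested the home page and anything else inside the window is never listed, so the window size decides how long a single legitimate page view keeps a heavy home-page visitor off the block list.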
