We just got hit by this guy.. -----Original Message----- From: hlds-boun...@list.valvesoftware.com [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of John Sent: Sunday, January 24, 2010 10:46 PM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rival servers
You mean an ACL. Routing is destination-based. A null-route would send traffic _to_ that attacking IP to the "null" device, but it wouldn't prevent incoming traffic _from_ that IP from coming to him over the pipe. He could ask for a null-route of his server IP to keep traffic off the circuit, but it doesn't sound like that's what he's looking for. Some NSPs/ISPs won't apply ACLs, but will apply null-routes (to your IPs only). The better ones will do both. You are right that he should talk to his provider about this, and hope that his provider will be willing to throw up an ACL. Blocking an attack that floods the circuit is entirely in their hands. -John -------------------------------------------------- From: "DLinkOZ" <dlin...@fragonline.net> Sent: Sunday, January 24, 2010 5:49 PM To: "'Half-Life dedicated Win32 server mailing list'" <hlds@list.valvesoftware.com> Subject: Re: [hlds] ST3Gaming.com using100mbit connection to DoS rivalservers> Right, so call your provider, ask to put in the null route and enjoy your > weekend. I honestly did not think I'd have to go into such obvious detail > to make a simple statement. If you aren't in a position to perform such a > task, then you make a phone call. I suppose I assumed that was obviously > simple and didn't need explanation... > > > > -----Original Message----- > From: hlds-boun...@list.valvesoftware.com > [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Blood Letter > Sent: Sunday, January 24, 2010 2:42 PM > To: hlds@list.valvesoftware.com > Subject: Re: [hlds] ST3Gaming.com using 100mbit connection to DoS rival > servers > > > Uh, null routing is simply a routing rule that indicates that packet > should > be dropped without any further processing. > > The suggestion was to " just null route the source and enjoy the weekend". > You can't do it at the ISP level unless you talk to your ISP. > > >> From: dlin...@fragonline.net >> To: hlds@list.valvesoftware.com >> Date: Sun, 24 Jan 2010 14:28:56 -0600 >> Subject: Re: [hlds] ST3Gaming.com using 100mbit connection to DoS > rival servers >> >> Seriously? Do you not know what null routing is? It's exactly what you >> said later in your email. Your bandwidth provider routes that source >> straight to the nowhere. Not sure why you think it's done on the server. > >> >> >> >> -----Original Message----- >> From: hlds-boun...@list.valvesoftware.com >> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Blood Letter >> Sent: Sunday, January 24, 2010 2:08 PM >> To: hlds@list.valvesoftware.com >> Subject: Re: [hlds] ST3Gaming.com using 100mbit connection to DoS rival >> servers >> >> >> Uh, because the packets come over the wire and your NIC has to handle >> them >> all regardless of HOW you handle them? >> >> You can NOT solve a DoS attack through ANY use of firewalling or routing > at >> the target end. >> You MUST cut the attack off as close to the source as possible. >> >> An attack like the one described here is simple enough to fend off >> because >> it's coming from a single source over a relatively low bandwidth pipe. >> Your ISP should be able to block it at their border routers and the > constant >> knocking shouldn't put any load on their equipment. >> If it continues, and if they get around to it, they can then report the >> activity to their peering partners (other ISPs) to get them to block the >> traffic at their end. If the behavior persists, this continues until >> eventually the source is cut off. >> >> A distributed attack is much harder to cut off, because it has many > sources. >> A distributed attack can bring down major connections. >> >> >> >> > From: dlin...@fragonline.net >> > To: hlds@list.valvesoftware.com >> > Date: Sun, 24 Jan 2010 13:43:57 -0600 >> > Subject: Re: [hlds] ST3Gaming.com using 100mbit connection to DoS >> rival servers >> > >> > Why not just null route the source and enjoy the weekend? >> >> _________________________________________________________________ >> Hotmail: Powerful Free email with security by Microsoft. >> http://clk.atdmt.com/GBL/go/196390710/direct/01/ >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds >> >> >> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, > please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds > > _________________________________________________________________ > Hotmail: Free, trusted and rich email service. > http://clk.atdmt.com/GBL/go/196390708/direct/01/ > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
