On 5/23/06, Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote:
let's say that someone doesn't like me and/or a site that i run and they decide
to DDoS me. i have a couple of questions since i'm not too familiar with the
mechanics of a DDoS.
what are some methods of launching a DDoS attack?
Usually zombie boxes, AFAIK.
what countermeasures can i take against such an attack?
Try to figure out if they are using real IPs If they are DDoSing a
appliction-level service like a website then it would be difficult to
fake since the TCP handshake would have to complete, or else your site
drops them. In that case, blacklist the IPs with PF until they go
away, or at least reduce the amount of resources you spend on those.
You can also try to find out who did it and go after them somehow
(call their ISP etc).
If they are targetting lower, say, just trying to kill your IP layer
then I don't know what to suggest.
feel free to reply off list if you like ;). i am asking this here since, IMO,
openbsd has highest average "1337n355" among its user base.
cheers,
jake
