On Thursday 20 Mar 2003 12:49, Webadmin wrote: > We've been getting some DDOS attack recently, due to this I was just > wondering if we use some network traffic control techniques in order to > reduce the risk of having the DDOS attack?? is this possible after all?? > can we use the traffic control techniques in order to redu reduce the DDOS > attack??? I don't think you can reduce the "risk" of being under attack. What sort of an attack are you under? Ping/ICMP flood? Or just a lot of robots killing your web server with seemingly valid requests? If you are having your bandwidth between your router and your ISPs all used up by the attack, then you may be out of luck, as congestion and dropping will most likely occur before any valid traffic gets through to you. OTOH, if it is just your server load that is being affected, then yes, you could potentially do something about it, provided you have some bandwidth to spare. You could block or reduce the priority of the offending traffic. You could also analyze logs what hosts are consuming a large amount of resources, or analyze the headers they are sending, and try to separate valid traffic by that. Then, just drop all traffic to/from the offending hosts completely, or reduce their traffic to a minimum priority. You can do this using ipchains/iptables and setting fwmarks on packets to/from relevant machines, and then filtering on fwmarks. Ideally, you might be able to ask your ISP to filter out the offending traffic before it hits your local router, so it doesn't consume your bandwidth, but that depends on what they are able/willing to do with their network setup to help you out... I think you will have to be a little more specific about the type of attack you are under for any more specific suggestions... Regards. Gordan
