Another DDoS attack?

originally posted by: pl3bscheese
a reply to: StargateSG7

Honestly I'm not sure you truly know what you're talking about in some of these posts. The last one sounds a bit like a pfsense build, which is easy enough, but there's no dlink routers that have the capacity to challenge a firewall appliance with specifically engineered coprocessors.

I'll definitely give some of this a go at some point, but it looks like a bit of a time waster and I've not got much of that to spare.

===

What needs to be done is IP address filtering based upon geographic location,
domain ownership, (which GENERALLY can be gotten from the address itself)
and other criteria which just needs some software mated to cheap hardware.
MOST routers already have firewall rules which you can enter to filter an overly
large number of incoming connections and ping requests which MAY be coming
from a given domain, ip address range or ownership.

My suggestion was to flash upgrade older routers to filter those requests
using custom firmware. YES I know it's mostly beyond the abilities of
ATS and ATS users but I am talking from personal experience in an
environment where we move MULTI-PETABYTES (1000+ TERABYTES !!!)
of data per day across a very large country (Canada).

In fact, we are larger than Telus (Canada's version of Verizon telco)
in terms of total data moved per day. That's why we lease Dark Fibre!

My personal idea is to get a Sonicwall firewall appliance
for a few grand and put it between your Telco router
and the greater internet. That will stop MOST DDOS attacks!

You need to make sure it can handle teh throughput.
MY SUGGESTION IS THE FOLLOWING:

Link to SonicWALL NSA series of firewalls:
www.sonicwall.com...


Dell SonicWALL NSA 4600
Dell sells it for $4759.00

It has enough capacity to handle MOST DDOS attacks on the ATS website.

The REALLY HIGH END VERSION

Dell SonicWALL NSA 5600 at $9349

is BEST but of course it's nearly twice the price!

That is my suggestion.

P.S. If you want the TRULY HIGH END OF THE HIGH END
OF FIREWALLS these are F-A-N-T-A-S-T-I-C:

www.dell.com...~ck=anav

up to 40 Gigabits per Second throughput.

I just wanted to pop in for brief moment and say that ALL ideas from our membership are helpful.

Thanks, everyone.

I can't get in from my 'browsing' tablet. Everything's good from this system I've got logged-in (except pictures).

a reply to: Martin75

I would totally pay $5 a month for ATS, without question.

Love the #2 idea too! A tinfoil hat would have to be worn while singing, of course.

The though of ATS becoming no more is absolutely heartbreaking....

a reply to: Djarums

Heres an idea...

Get someone on the site to back trace every DDoS attack to a unified source, a source in common with every computer involved, and then burn the origin point. I mean literally get a member to develop software that can burn hardware remotely. I mean burn the mother board of any bottom feeding lump of nut sweat that DARES interfere with our freedom to discuss the issues of the day in this beautiful place...

If I had any god damn money, if I had any God damned power, if I had the slightes material resource to offer, I hope the user base and the staff and administrators of this site would be aware, that I would offer it.

I feel so useless, but I cannot be without this site. The internet needs it, the members need it, and I need it. And yet I have no resource to offer.

I will tell you this though... You ever find an address I can get to for the scum that keep DDoSing the site, and I will mail pieces of them to the four compass points before you can say disproportionate response to stimuli.

a reply to: TrueBrit

Remind me to be nice to you True ...

😎

originally posted by: Timely
a reply to: TrueBrit

Remind me to be nice to you True ...

😎

Ahahaha! That is one passionate and awesome man!

True, I feel pretty useless too and don't have anything to offer really. Can you imagine the withdrawals some of us would have if the site was no longer here? Kind of reminds me of one year when there was a horrible storm and a big beautiful tree fell and was removed across the street. There was this one bird that just kept staring at where the tree used to stand and hopping around tweeting away and would not leave. It just kept looking at where the tree was supposed to be in disbelief. My heart broke for that little bird. So ATS would be the big beautiful tree that fell and we would all be the poor little bird left in shock.

a reply to: Night Star

Indeed.

There are too many people playing the part of the little bird in this world already. Let's hope we do not end up joining in!

originally posted by: TrueBrit
a reply to: Djarums

Heres an idea...

Get someone on the site to back trace every DDoS attack to a unified source, a source in common with every computer involved, and then burn the origin point. I mean literally get a member to develop software that can burn hardware remotely. I mean burn the mother board of any bottom feeding lump of nut sweat that DARES interfere with our freedom to discuss the issues of the day in this beautiful place...

If I had any god damn money, if I had any God damned power, if I had the slightes material resource to offer, I hope the user base and the staff and administrators of this site would be aware, that I would offer it.

I feel so useless, but I cannot be without this site. The internet needs it, the members need it, and I need it. And yet I have no resource to offer.

I will tell you this though... You ever find an address I can get to for the scum that keep DDoSing the site, and I will mail pieces of them to the four compass points before you can say disproportionate response to stimuli.

===

The SCUM you're talking about is many times your own government!

See US Air Force Academy Cyber Competition Team:
www.facebook.com...

and
Academy Center for
Cyberspace Research
HQ USAFA/DFCS
2354 Fairchild Drive,
Suite 6G-101
USAFA, CO 80840
719 333-3945 (phone)
719 333-3338 (fax)


www.usafa.edu...

and the biggie:
Air Force Space Command Network Operations Security Center (NOSC)
at Peterson Air Force Base in Colorado Springs, Colorado.

www.peterson.af.mil...

QUOTE:

PETERSON AIR FORCE BASE, Colo. -- Gen. William Shelton, Air Force Space Command commander, officially opened the new 561st Network Operations Squadron's renovated operations center April 28 here. As part of the larger Air Force Information Network, the 561st NOS is one of three squadrons of its type in the Air Force, all belonging to AFSPC's 24th Air Force.


UNQUOTE


That fairly newish Cyberwarfare academy in
Colorado Springs uses ATS as a practice website
for hacks (one of many they use!). The NSA
mostly want to prevent certain subjects
being brought up in ATS tech and Political
forums and you get the odd Chinese/North Korean
hackfest using ATS as part of a wider DDOS attack target.

Again get a Firewall appliance or a multi-homes system.
Even OLDER sonicwall appliances from ebay are pretty
good at preventing DDOS attacks.

Just make sure the firewall throughput matches
your bandwidth (i.e. if you have a gigabit of data
throughput then get one gigabit of network
throughput firewall!)

a reply to: StargateSG7

You really think any firewall will stop a DDoS attack? It won't.

Firewalls don't make you invisible or invincible. They just stop bits and bytes from coming in or going out.

If you attack a firewall with a DDoS then you'll have the same effect as attacking a router or website. It will go down or freeze as it can't cope with the amount of traffic.

originally posted by: TerryDon79
a reply to: StargateSG7

You really think any firewall will stop a DDoS attack? It won't.

Firewalls don't make you invisible or invincible. They just stop bits and bytes from coming in or going out.

If you attack a firewall with a DDoS then you'll have the same effect as attacking a router or website. It will go down or freeze as it can't cope with the amount of traffic.

---

Interesting that our 40 Gbits/sec firewalls/routers
SEEM to be able to deny DDOS attacks several times
an hour. Those bytes are gone and the DDOS attacks
eventually go away as we ping back and the telcos then
start shutting those connections down near the source
after we keep sending lawyer letters to the telcos.

YES I know ATS isn't anywhere near our daily traffic
(Petabytes+/day) but at the very least a better firewall
appliance can REDUCE the DDOS traffic enough that
real packets start getting through.

Seriously! A cheap Sonicwall from ebay with
one gigabit throughput IS A START! Just remember
to set the firewall rules correctly.

Some help for you:

How to configure the firewall to mitigate DDoS attacks. (179044) (Dell Computer - Sonicwall)
support.software.dell.com...

Can your Firewall Block DDOS attacks?
Why firewall rules are so important and why OTHER measures
are need on TOP of just a firewall:
blog.radware.com...

15 Ways to Stop DDoS Attacks in your Network:
securitywing.com...


How to prevent and mititgate DDoS part 1?
www.wedebugyou.com...


The DDoS myth about the firewall and the IPS:
www.corero.com...

Defeating DDOS Attacks:
www.cisco.com...

What is a DoS Attack and how does it differ from a DDoS attack?
security.stackexchange.com...


The Reverse Firewall:
Defeating DDOS Attacks
Emanating from a Local Area Network

www.cs3-inc.com/pubs/Reverse_FireWall.pdf


===

Unfortunately there is NO SINGLE MAGIC SOLUTION but you can
use a COMBINED SERIES of techniques using web protection
appliances, firewall rules and your telco to at least MITIGATE many
Denial-of-Service (Dos) and DDOS (Distribributed Denial of Service)
attacks. Ideal you can simply overwhelm a DDOS using high throughput
firewalls, large telco bandwidth and bigger servers to take the brunt
of the DDOS attacks therefore lessening their impact on real ATS users.

a reply to: StargateSG7

We have DDoS mitigation through a service provider. However, because of the monthly expense, we only "turn it on" when attacked, then leave it on for a certain amount of time.

This time, however, we're considering leaving it on indefinitely as there have been several follow-up attacks (that have been mitigated).

a reply to: SkepticOverlord

Love your work SO.

Thank you.

I wonder if the Hillary campaign/Correct the Record is orchestrating this?
This site has the most uncensored information in one place that I have seen with the truth about the Clintons.
If anyone would love to see this site shut down, it is them.

a reply to: BlueAjah
Could be Trump. I think it's Trump.

a reply to: Phage

Nah... nobody hides criticism of Trump on other media, including MSM.
Nothing said about him here is anything that can not be found all over the Internet.

Hillary... totally different situation.

So what do you guys think ?

Are government shills doing this because they hate the way we spread anti-government rhetoric and how we try to bring about the truth with regards to all the dirty rotten corrupt crap they're pulling on a daily basis ?

Or do you think it's just snot-nosed kids with nothing else better to do ?



But you have to ask yourselves: Why ATS ? And why so often ?



Yep. The snot-nosed kid theory just doesn't cut it for me when you step back and look at the bigger picture.

originally posted by: SkepticOverlord
a reply to: StargateSG7

We have DDoS mitigation through a service provider. However, because of the monthly expense, we only "turn it on" when attacked, then leave it on for a certain amount of time.

This time, however, we're considering leaving it on indefinitely as there have been several follow-up attacks (that have been mitigated).

Just a suggestion here but I just saw an older
SonicWALL E-Class E5500 Enterprise NSA Network
Security Appliance Firewall for a mere $1050 on Ebay:

See link:
"http://www.ebay.com/itm/SonicWALL-E-Class-E5500-Enterprise-NSA-Network-Security-Appliance-Firewall-/262490273969?hash=item3d1da3b8b1:g:f7cAAOSwnNBXZt HO"

which has One Gigabit of Anti-virus throughput
and up to 3 Gigabits of deep packet inspection
throughput --- it just MIGHT work for you as a
PRELIMINARY DEFENCE SYSTEM you can always leave on
between your network router and the telco connection

It's better than relying on JUST the telco and with
its good firewall rules it can protect against SOME
of the major port scan-attack, botnets and DDOS
attacks. (i.e. PingFlood)

for only $1050, it may be older but it is STILL a GOODIE
in terms of BASIC internet server-class firewall protection!

hope it helps!

I use the model one above the E5500 at home so I know
its good for MORE THAN JUST BASIC server internet connections!

originally posted by: CranialSponge

Yep. The snot-nosed kid theory just doesn't cut it for me when you step back and look at the bigger picture.

Actually, it's totally logical for the snot-nosed nerds to target this kind of site. Think about it. We're a forum full of the biggest collection of paranoid losers out there. Little harsh, but sums up how the CT crowd is viewed. That's low hanging fruit to ddos, not a shocker.

a reply to: Nyiah

I would think that snot-nosed kids might have more fun attacking online MMO games and Hello Kitty fansites, instead of this place.

Particularly when they can't wrap their brains around half of the stuff we talk about around here.