Select Page


Mitigating DDoS – Part II

Last post on Identification of DDoS attack did not cover analysis of the attack, in cases wherein bandwidth graph’s and connection status aren’t conclusive. In such a scenario, the best means is to inspect the packets coming into the server, and this can be done by examining the packets using tools like tcpdump.

tcpdump” is a popular sniffer command that does a good job. Using the switch “tcpdump -w”, one could write the output to a file, which could then be analyzed using tools like wireshark to get to the bottom of the attack. You could easily get the protocol in question, and also perform multiple filtration’s to the results. More on it could be read from here. (more…)

Mitigating DDoS – Part I

If you are a hosting provider, chances are that you’ve experienced a DoS/DDoS attack against a domain or a server. If so, you already know how frustrating it can be to tackle such an attack.

For those who are yet to feel the heat of it, its better to be prepared to identify an attack in real time. Many believe that the outcome of DoS/DDoS is disruption in service. Many a times, it does not fully disrupt the service, but the drop in quality of service leaves it in a state where it would be better if the the service isn’t rendered at all. After all, waiting 5 minutes for a web-page to load, isn’t worth it! (more…)