2021 DDoS Issue

PFSense does the same thing with High Availability Routing:

I was mistaken that the routers would be unable to Round Robin without something in the middle to handle the traffic. Too much time in TEH CLOUD.
PFSense can be a fucking whore to set up, and it's not exactly suited to handle any DDoS without proper configuration. Also, you'd have to turn an entire server into a router; CCR1016 has 16 cores @ 1.2GHz, and yet

CPUs are all at 100%
Yet again, CPU usage is mostly dependent on firewall rules - how properly or improperly they're made. No router/switch/ASA will save you if you don't attempt to mitigate it properly.
 
I can't fucking access the router management
You won't be able to access it on any other router either way if it's kept like this, that's the joke itself. DDoS mitigation is a long process of adjusting limits until it works just right.
"Overly-strict" rules are currently a necessity - one way or the other the forum goes up and down constantly. There's no point in dicking around trying to not disrupt the website for normal users if it's already being disrupted by Twitter edgelords.
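As an added illustration of the limit-tuning loop this post describes (example code written for this page, not from any poster in the thread), the script below runs a per-source SYN-rate threshold over a few constructed firewall log lines. The log line format, the addresses, the timestamps and the limits are all made-up assumptions. The point it makes is that a per-second limit strict enough to catch a burst flood also catches a normal browser opening six parallel connections, while only a longer window catches the slow, steady source.

```python
"""Per-source SYN rate check over constructed log lines (added example).

Assumptions (not from the thread): a log line looks like
    "<epoch-seconds> SYN <src-ip> -> <dst-ip>:<port>"
and the hosts, timestamps and limits below are made up for the demo.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(\d+)\s+SYN\s+(\S+)\s+->\s+\S+$")


def parse_syns(lines):
    """Group SYN timestamps by source address; non-SYN or malformed lines are skipped."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events[m.group(2)].append(int(m.group(1)))
    return events


def peak_rate(timestamps, window_s):
    """Largest number of SYNs from one source inside any window_s-second span."""
    ts = sorted(timestamps)
    best = left = 0
    for right, t in enumerate(ts):
        # drop events that fall out of the window [t - window_s + 1, t]
        while ts[left] < t - window_s + 1:
            left += 1
        best = max(best, right - left + 1)
    return best


def offenders(lines, window_s, limit):
    """Sources whose peak SYN rate exceeds `limit` SYNs per `window_s` seconds."""
    rates = {src: peak_rate(ts, window_s) for src, ts in parse_syns(lines).items()}
    return sorted(src for src, r in rates.items() if r > limit)


def _mk(src, times):
    return [f"{t} SYN {src} -> 203.0.113.10:443" for t in times]


T0 = 1609459200  # constructed epoch base
SAMPLE_LOG = (
    _mk("192.0.2.5", [T0, T0 + 30, T0 + 60])                 # normal browsing, one SYN per page
    + _mk("192.0.2.9", [T0] * 6)                             # one page load, six parallel connections
    + _mk("198.51.100.7", [T0] * 40)                         # burst flood: 40 SYNs in one second
    + _mk("198.51.100.8", [T0 + i // 4 for i in range(40)])  # slow flood: 4 SYN/s sustained for 10 s
    + [f"{T0 + 1} ACK 192.0.2.5 -> 203.0.113.10:443"]        # non-SYN line, ignored by the parser
)

if __name__ == "__main__":
    for window_s, limit in [(1, 5), (1, 10), (10, 20)]:
        print(f"window={window_s}s limit={limit}: {offenders(SAMPLE_LOG, window_s, limit)}")
```

Run with python3: the (1, 5) setting flags the six-connection browser alongside the burst flood, (1, 10) flags only the burst, and (10, 20) is what catches the 4 SYN/s source that never trips a per-second limit. Whatever the real platform's rate-limit syntax is, the knobs being adjusted are the same two: window length and count.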
 
PFSense can be a fucking whore to set up, and it's not exactly suited to handle any DDoS without proper configuration. Also, you'd have to turn an entire server into a router; CCR1016 has 16 cores @ 1.2GHz, and yet

Yet again, CPU usage is mostly dependent on firewall rules - how properly or improperly they're made. No router/switch/ASA will save you if you don't attempt to mitigate it properly.
1. Don't buy a server and turn it into a router. That's fine for playgrounds, not for production.
2. If you don't configure your FW rules no amount of money thrown at hardware will save you.
3. At a certain traffic size you buy either a service or equipment that has support so you can ask questions of People Smarter Than You how to do things.
4. Asking Autists on the internet is only going to go too far as we all have opinions on things and opinions are like assholes, they all are full of DeathFat burrito shit.

Does your Colo have any network staff on hand that you could either pay to ask questions from or support from at a reasonable if not free rate @Null ? You don't have to give them the keys to your kingdom but you could ask them if this is something that their company provides.
 
Can the switch take a 10Gbps uplink and then offer 10Gbps lines to all devices? I'm confused
Yeah - the normal approach is Colo Handoff -> Router -> Switch. You only need two SFP+ ports on the router, unless you actually need to route more than just your internet traffic (you can even have a router with a single port, but that's not what you need - the so-called "router on a stick" approach with VLANs).

Most of the traffic inside your network should never need to hit the router unless you've got subnets to route between. Sorry if this sounds patronising - it's the difference between Layer 2 switching and Layer 3 routing. As far as I can tell, your only requirement for the router is to route internet traffic, no internal demand.

Edit: Null, can you get a single 10Mb port or something similar for your management plane? I know some Colos offer it as an out of band management option, would only be for remote admin.
 
Buy an IPv6 allocation; most bouncers/booters won't be able to hit IPv6 because their botnets are mostly IPv4. Cloudflare can reverse proxy IPv6 web traffic onto the IPv4 net so it works fine for users. The IPv6 space will be fucking gigantic too.

You'll need to completely abandon announcing IPv4 routes on your BGP setup or the router will just get overwhelmed. For anything that isn't web traffic + outgoing, you'll need a 6to4 bridge if it needs to hit the internet. You can try and see what Hurricane Electric or another tunneling service offers.

You already have a /24 so getting an IPv6 off a RIR shouldn't be that hard
 
1. Don't buy a server and turn it into a router. That's fine for playgrounds, not for production.
I'd make a specific argument here - Null effectively needs an Anti-DDoS appliance. If the best way to do that is a Linux server, then I'd go for it. Stripping crap traffic (without super expensive routers with dedicated hardware) is going to require CPU grunt over anything. This is also a web forum, not a Fortune 500 enterprise, so I'd be hesitant to recommend the super expensive shit. Especially if the attackers just change to saturating the interface instead, which no router or firewall is going to fix.
 
Regarding SYN cookies, I'm not an expert, but they require additional CPU power, and considering the CPU being the issue here...
It may be better to use RST cookies instead, but it seems RouterOS doesn't have that option.
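To make the CPU point concrete, here is a stripped-down SYN cookie in Python, added for this page and not taken from RouterOS, Linux or any poster in the thread. The bit layout (5-bit time slot, 3-bit MSS index, 24-bit HMAC), the MSS table, the slot length and the per-boot secret are simplifying assumptions, not any real implementation's format. What it shows is that every SYN, legitimate or spoofed, costs the server one keyed hash and zero stored state, and that the final ACK is accepted only if it carries a cookie the server can recompute within the allowed age.

```python
"""Simplified SYN cookie (added example; layout and constants are assumptions).

cookie (32-bit ISN) = [5-bit time slot][3-bit MSS index][24-bit HMAC]
Real Linux/BSD layouts differ; this only illustrates the mechanism.
"""
import hashlib
import hmac

SECRET = b"constructed-per-boot-secret"   # assumption: random key, rotated at boot
MSS_TABLE = [536, 1220, 1440, 1460]        # assumption: MSS values addressable by the 3-bit index
SLOT_SECONDS = 64                           # assumption: cookie time granularity
STATS = {"hashes": 0}                      # counts the keyed-hash work done per SYN


def _mac(secret, src, sport, dst, dport, slot):
    """Keyed hash over the 4-tuple and time slot, truncated to 24 bits."""
    STATS["hashes"] += 1
    msg = f"{src}|{sport}|{dst}|{dport}|{slot}".encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(secret, src, sport, dst, dport, mss_idx, now):
    """Build the ISN to send in the SYN-ACK; nothing is stored server-side."""
    slot = (now // SLOT_SECONDS) & 0x1F
    mac = _mac(secret, src, sport, dst, dport, slot)
    return (slot << 27) | ((mss_idx & 0x7) << 24) | mac


def check_cookie(secret, src, sport, dst, dport, ack, now, max_age_slots=2):
    """Validate the client's ACK; return the negotiated MSS, or None if the cookie is bad or stale."""
    cookie = (ack - 1) & 0xFFFFFFFF      # the ACK number is our ISN + 1
    slot = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    mac = cookie & 0xFFFFFF
    current = (now // SLOT_SECONDS) & 0x1F
    if ((current - slot) & 0x1F) > max_age_slots:
        return None                      # too old to be worth recomputing
    if mac != _mac(secret, src, sport, dst, dport, slot):
        return None                      # forged, replayed on another 4-tuple, or corrupted
    if mss_idx >= len(MSS_TABLE):
        return None
    return MSS_TABLE[mss_idx]


def handshake_cost(n, now):
    """Server-side cost of n SYNs from distinct (constructed) sources: (hash calls, state entries kept)."""
    before = STATS["hashes"]
    for i in range(n):
        make_cookie(SECRET, f"198.51.100.{i % 250 + 1}", 1024 + i, "203.0.113.10", 443, 3, now)
    return STATS["hashes"] - before, 0   # one HMAC per SYN, no half-open entries


if __name__ == "__main__":
    now = 1609459200
    isn = make_cookie(SECRET, "192.0.2.5", 40000, "203.0.113.10", 443, 3, now)
    print("valid ACK ->", check_cookie(SECRET, "192.0.2.5", 40000, "203.0.113.10", 443, isn + 1, now + 30))
    print("stale ACK ->", check_cookie(SECRET, "192.0.2.5", 40000, "203.0.113.10", 443, isn + 1, now + 10 * SLOT_SECONDS))
    print("1000 SYNs cost (hashes, state entries) =", handshake_cost(1000, now))
```

The trade-off the post is pointing at is visible in `handshake_cost`: memory stays flat no matter how many SYNs arrive, but the hash work scales linearly with them, and on a box that is already pegged at 100% CPU that is the resource being spent.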
 
All of this does not add up; none of it makes any sense. Is there even a confirmation that this person's death is real? He was not even harassed from what I can tell. People who have 120k to give away usually are not depressed; he also had a fascination with emulating and being the best at it, meaning he would mostly be locked into coding anyway... Something smells wrong about everything about this situation; something is missing here. Feels like we are being lied to.
 