Setting Up New Network, Security Concern On DDOS
Apr 16, 2009
I intend to set up a network as follows:
NOC1:
Cisco/Dlink Managed Router
Firewall with DDoS protection
Server1
Server2
Server3
Backup Data Bank Drive
NOC2:
Cisco/Dlink Managed Router
Firewall with DDoS protection
Server4
Server5
Server6
NOC2 holds the backup servers. I will need whatever is in NOC1 to be written to NOC2; I think this is called IP mirroring or RAID, not too sure.
My [url] is going to have nameserver1/2 set to zoneedit. Zoneedit hosts reliable DNS servers. It also supports something called failover.
So if NOC1 is down, I will switch the IP to NOC2's IPs.
Now, if I face a DDoS attack, I am supposed to switch to a DDoS attack management company (with big bandwidth and blocking). Is it as simple as switching the [url] to the DDoS attack management company using zoneedit, and the company will then link back to my NOC1/2?
How does it work?
Is the way I set up the network correct?
Jun 28, 2008
Any security risks with setting up a server on a home network? I would like to set up a computer running Linux or XP as a server on our home network. We have about 3 other computers on the same network.
My network manager says that it would be a security risk to the other computers on the network if I were to have the server running on the network. The server would be connected to a Netgear wireless router and I would have ports 80 and 21 opened just for the internal IP address of the server. (For example, the server is on 192.168.0.3, and I had just the two ports open for it, while there were computers on 192.168.0.2 and 192.168.0.4.)
The Netgear router has a firewall built into it. Each of the other computers on the network has a software firewall. I would not have a firewall on the server, and I really don't care if someone hacks it. So, what at worst could happen? Would the other computers be at risk?
If you are a professional, I want your opinion also.
Nov 6, 2008
I have been working on quite a large project for the past few months, and have just thought of a new way to do something, so I'm just in the feasibility stage of a particular component.
My question is, how secure is MySQL across a network, i.e. the internet.
Is the query string sent in plain text?
If so, is there a way to secure MySQL commands over a network, so I can send "sensitive data"?
May 19, 2009
My host tells me that they have security to stop DDoS attacks and stuff, however today my server load jumped to 17.12 and my site went down giving me a "Network Timeout" error.
My host tells me it's my fault that I am using too many resources. The MOST my site has been on load is 3.06 and that was around lunch time a few weeks back. It's 11:43 and the server load is 17.12? I think my host is pulling my leg. I have not added ANYTHING new to my site and have not changed anything in 3 days. The load has been fine till today.
I use In Motion Hosting.
Jan 10, 2009
I have one VPS already and I was just wondering what would be the best way to utilise this and if anyone has any suggestions on how I could improve the network and how's best to set it up. I already have cPanel and WHM installed on the existing VPS.
Jan 6, 2008
We're a small company that has outgrown dedicated hosting. We've got 8 servers currently with a well known hosting company, but the servers are starting to get old and we're growing. The cost of moving to colo just seems to make sense to us. We have a bunch of developers, but no network engineers. That being said, we're trying to figure out what we best need to move forward with going colo.
Sometime this month, we'll be purchasing 15-18 servers from Dell. We've already spoken to Colo4Dallas and plan to use their services. So we've got the servers and colo, but have no clue what we need with regard to switches, firewalls and remote-reboot.
1: What type of managed Cisco gigabit switch do we need? We don't know the specific model(s) that would be good for us. We want a hot backup and 24 ports. We manage multiple SSL sites (not sure if this is relevant) and 250+ IP addresses.
1a: Where do we manage IP addresses? We know we'll be getting a block of 250 IP addresses, but how do we assign IP address "a" to server "1"? Can we take that IP address and move it to another server if needed?
2: What type of firewall would be best for us, based on above requirements?
3: DRAC cards are pretty expensive, so we want an IP KVM switch. Any recommendations?
4: Remote reboot -- I've seen power strips out there that do this -- is that what we need, or is there another method we should consider?
5: Is there a company available in Dallas that we could hire to help us with these questions, or in setting everything up once we purchase the equipment?
We're not looking for the cheapest solutions, but the best ones.
Aug 28, 2007
I have about 7 hosting accounts, am a member of over 60 forums and have many other services that require passwords. Generally, I use the same or similar password. However, recently I have been getting more and more hacking of my sites going on and I worry if it is due to my password "system" (or lack of).
How do you go about creating your passwords, and remembering them?
Apr 6, 2007
Here are the IP's. They are apparently offering 1U for $49 with 150GB of bandwidth. The IP's they gave me are
66.7.148.1
207.106.22.1
209.120.245.1
The IP's seem great, however I come to discover that their website www.unisecure.com is in part copied from coloquest.com. Specifically if you look at the FAQ page and pricing information. Therefore I am curious as to if any of you have heard of them, used them or have any thoughts regarding them.
Lastly, I am in the market for some cheap co-location. I have an older box I want to use as a SAN backup system (i.e. 866MHZ P3 with 512MB Sdram). Not all that impressive I know, but why purchase new equipment when it can get the job done.
May 13, 2008
I am building a website which requires a data feed from a third party data provider. I have to fill out a 'questionnaire' when submitting my application and I'm not sure what to put for this question.
Question: "Have you run a vulnerability assessment of network security? What is the current assessment rating?"
I Google'd for security rating but came up blank, without any useful result. Is there a level like 1-5 or something for network security rating? I'm not sure what to put on here.
I'm not against getting a shared/virtual hosting account if a host could provide me with these ratings.
Oct 4, 2007
For the last 2 days I have been trying to browse a website locally in FC6 but have had no sign of success; this site is not live yet.
The website is accessible through its IP, but some of my applications need the website to be accessed by domain name.
The DNS zone file exists and all services are running.
What exactly am I missing?
Feb 2, 2008
My company is conducting an investigation against an unidentified entity which I currently believe to be Russia Business Network ([url]).
On at least two occasions we have had customers with only minor DDoS issues (let us say 100 - 1000 Mbps at peak) suddenly experience 2 - 4 Gbps attacks which require a $100 to $500 service to jump to roughly $2000 - 5000 per month depending on exact specifications. Naturally this type of issue is not good for the business of our customers and subsequently not healthy for ours.
On each occasion an unnamed individual (I know who they are but I will reserve judgment at the moment) will come forward offering to let our customer try a "special new" protection product they developed that can protect against 10 Gbps for only $2000 which is sometimes a fraction of what my company or any other respected mitigation provider would be forced to charge.
Here is the network they end up on: [url]query=SBL62147 .. and up goes another red flag. When you take a look at this network it routes to ELTEL in St. Petersburg, Russia ([url]), which based on some basic analysis I very seriously doubt has any form of mitigation capabilities, much less multi-Gbps.
Essentially what is happening is they're buying "protection" for $2000.00 per month from the "company" who is actually committing the attacks when in reality that end user has no significant DDoS issues.
I'm actually sitting on a lot more data than this but I need to collect some more data and opinions on whether or not this is linked to RBN. Once my investigation is complete I will issue a full report.
Sep 6, 2008
I intend to hire someone to set up a server at my house. I will communicate with my ISP in order to get a permanent IP. The reason I am doing this is I get too frustrated being DDoS'ed and even gigenet proxyshield cannot help me because of DMCA and other things.
Once I have my server up and running, do you think it is possible to set up DDoS protection software/hardware? If it's possible, do you have a recommendation/lead for me so I can start looking?
Mar 28, 2007
In previous posts in this forum I was talking about having each server have an internal and external network connection, but people pointed out that as they were load balanced it was a bad setup.
I am now looking at setting up a VPN to access the internal servers that are load balanced. Does anyone have any recommendations for good tutorials or software that I can use on Debian?
Nov 5, 2008
We must install a Dell 1950 with CentOS 5 and WHM/cPanel.
How do we set the 2 onboard NICs to fail over?
The second card has the same IP and must start only when the first is down.
Nov 7, 2008
It has come to my attention that dragonara.net has been DDoSing me today since morning from the IP:
194.8.75.229
What's so ironic about it is that the IP is from a UK DDoS protection site, so I'm expecting some email with their services in the next hour or so. Stay clear of them; they are fakes and e-terrorists.
Apr 4, 2008
I run a web hosting company and one of my servers is a LAMP server running CentOS 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.
However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.
Also, does anyone know how to change the owner/group of a directory and all of its subdirectories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as opposed to 0755) than its parent, but if I do a top down user/group change on the folder it will change everything in that folder to 0755.
Oct 14, 2009
Any experiences to report about purchasing used / refurb gear from either Network Liquidators (nweq.com) or Network Hardware (networkhardware.com)?
Oct 8, 2009
I am looking for some good DDoS protection providers, via protected DNS. I've searched on the internet, but most of them are really expensive.
Please tell me some DDoS protection providers that could help me (gige is too expensive btw).
And I found some DDoS protection scripts. How can a script protect a server from DDoS? A script like CSF or DDoS Deflate?
Apr 9, 2009
I've been getting VERY high packet loss to my VPS for around 10-15 minute periods over the past month or so (No patterns or specific times, totally random when it occurs) with my provider's Parallels Business Automation control panel reporting "Server is down" along with the VZCP on the node being inaccessible. I opened a ticket with my provider and they told me that they experienced a DDoS attack on the node my VPS was hosted on.
However, I get the feeling that they are giving me some crap to stop my pestering them about the packet loss all the time (I mainly use my VPS for providing VoIP services which use UDP so the packet loss is devastating).
Anyone got any views on this?
Also they keep offering to move me to a different node but they say they can only do that by giving me a new IP address and I would have to back up all the data and restore it manually, myself. Any views on this as well?
Jun 6, 2009
I'm experiencing a significant UDP DDoS at the moment which is aimed at port 80 on my server. It's currently crippling Apache, but only on port 80; https (443) is fine. I've told iptables to drop UDP packets sent to port 80 and have also completely blocked most of the attacking IPs. This has helped, but the webserver is still periodically unresponsive.
Jun 9, 2008
We are getting DDoSed badly. Last night httpd reached max clients and httpd wasn't able to start up.
Feb 4, 2008
We had a bad DDoS on one of the sites we were hosting. The IP of the DDoS was blocked in apf and iptables, but for some reason it still got through and we had to have it blocked in the router. We installed CSF onto our server hoping for a better firewall. Does anybody know why apf could not hold back the IP? I'm open to suggestions.
Dec 9, 2008
I have got pretty big problems with my VPS; some of my sites are getting DDoS'd a lot. I have no idea why or who is DDoSing them.
I have csf, apf and DDoS Deflate installed, but it seems they can't take those attacks down. I know of mod_evasive, but it works only on small attacks, and I am getting pretty strong attacks.
I need some way to configure csf better. What do I need to edit in /etc/csf.conf to block IPs if the same IP tries to connect to the server more than 10 times? I need everything I could edit for csf to block IPs faster.
About DDoS Deflate: it is configured to work with apf. Can I configure it to work with csf, and how? How do I configure DDoS Deflate better, to block IPs faster?
Also, another problem with csf is that when I restart csf (service csf restart) it unblocks all blocked IPs and I have to block them again.
How do I see the IPs blocked by iptables?
I am running lighttpd at the moment but I am thinking of replacing it with Litespeed (free edition). What do you think about it?
I hope I will get some help here. Also, it would be interesting to hear how you guys protect your servers from DDoS (if you are getting DDoSed).
May 27, 2007
We have a 100mbit connection and with normal traffic we use about 40-50mbit, but since Friday it seems that we are under attack. These are the stats from the FastEthernet:
inbound 20427 ucast pkts/s
outbound 5547.5 ucast pkts/s
inbound 85793.9 Kbit/s
outbound 8211.98 Kbit/s
We also reached 100mbit for 4 hours and all the servers were offline. We contacted the datacenter and they say that it is not a DDoS attack because the traffic comes from our server and not from outside the net, so it looks like we have a hacked server that is making all this traffic. How can we find the problem? We have about 130 servers on this connection.
Aug 18, 2007
If you were under a DDoS attack, what commands would you execute to confirm this?
Is it normal for high-traffic sites to show 3,000 concurrent Apache connections from running this command?
netstat -n | grep :80 |wc -l
Dec 28, 2007
What would happen if you changed the server IP to 127.0.0.1?
May 29, 2009
My server is using too many httpd processes. I think I am under DDoS attack. I executed the following command:
netstat -an | grep :80 | sort
and the result is this:
tcp 0 1491 ::ffff:95.211.10.169:80 ::ffff:213.215.100.110:2263 LAST_ACK
tcp 0 1493 ::ffff:95.211.10.169:80 ::ffff:85.207.126.231:52694 LAST_ACK
tcp ....
May 29, 2008
The DC installed Squid. It manages the load fine but the php code on my page is cached and doesn't work.
Is there a way to get squid to not cache php? in that httpd can directly call php while squid does everything else?
Apr 16, 2009
Hey guys, if there was a way to have the IPs of the dedi change constantly, would this help prevent DDoS attacks, or would there be no difference if the domain was being attacked?
Nov 6, 2007
OK, well, today I found out my server was being DDoS'ed.
And I know which domain is being attacked with hundreds of IPs. I am running cPanel / WHM but I have no idea how I can stop this.
Any ideas or suggestions? Maybe redirect the DNS to an invalid IP? But I'm not sure how I can go about doing that.
Sep 16, 2007
I have a problem with a customer. For the last 48 hours he has been receiving a massive DDoS at his server. I tried blocking the darn IPs but they keep coming and with several hundreds of connections each:
Apache has over 14000 connections. I tried using mod_evasive but it didn't do anything and the server has been out without httpd for hours now. Any advice? This is a Hsphere server (I hate it personally) with 4GB RAM and a dual Opteron 246. I have the MaxClients setting at 550.