Re: [lopsa-tech] Questions on handling DOS attacks

2016-03-24 Thread frnkblk
mitigate the issue …. or you need to change to an ISP that can do that. Frank From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] On Behalf Of john boris Sent: Wednesday, March 23, 2016 10:47 AM To: Chris McEniry Cc: tech@lists.lopsa.org Subject: Re: [lopsa-tech] Questions

Re: [lopsa-tech] Questions on handling DOS attacks

2016-03-23 Thread Christopher A Mceniry
If I'm reading that right, and it's serving public DNS, move that off - Dyn and Route53 have been useful. I know in the former, you can do hidden master. Haven't set that up in the latter but would be surprised if it's not possible. The assumption here is that DNS is being the beacon they're usi

Re: [lopsa-tech] Questions on handling DOS attacks

2016-03-23 Thread Edward Ned Harvey (lopser)
> From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] > On Behalf Of john boris > > Here at $WORK a few of our sites that use the same ISP have been targets of > DOS attacks at random times. Part of my department handles the network to > our sites and the ISP's answer has been

Re: [lopsa-tech] Questions on handling DOS attacks

2016-03-23 Thread john boris
Some more information about my "quest". The sites are schools in our "district" and all of our Web sites are hosted elsewhere. The attacks are against our main gateway which acts as a DNS server as well. On Wed, Mar 23, 2016 at 11:32 AM, Chris McEniry wrote: > Part of the reason DDoS mitigation a

Re: [lopsa-tech] Questions on handling DOS attacks

2016-03-23 Thread Jason Barbier
The way I've handled it to this point with my sites and it has worked well is various firewalls (mostly OpenBSD PF is what I use) allow you to establish what an overload looks like. So I set mine up that if you establish 10 connections in 5 seconds it tosses you onto the overload list and just does

Re: [lopsa-tech] Questions on handling DOS attacks

2016-03-23 Thread Chris McEniry
Part of the reason DDoS mitigation advice doesn't have a whole lot of concretes is because it really depends on your own traffic and secondarily on your attacker - so summarizing them all becomes problematic. DDoS Mitigation stems from the theoretical question of "How do you only allow 'good' t

Re: [lopsa-tech] Questions on handling DOS attacks

2016-03-23 Thread Derek Murawsky
Depends on what type of DDOS. If it's web based, services like CloudFlare can help a tremendous amount with very little engineering work on your team's part (most times). I've heard of it being implemented in hours. If it's more a network level issue, then nothing will really help except rigorous f

Re: [lopsa-tech] Questions on handling DOS attacks

2016-03-23 Thread Ski Kacoroski
John, Several school districts in WA have also had problems with DDOS attacks. The solutions have ranged from: * Get a DDOS box that helps to manage and dump the traffic such as Forti DDoS 900B, Cisco firewall with IPS, or run fail2ban on a linux server: https://www.garron.me/en/go2linux/f