networking-forum.com

All times are UTC - 6 hours [ DST ]



[ 37 posts ]  Go to page Previous  1, 2
PostPosted: Wed Feb 15, 2012 12:12 am
Post Whore

Joined: Mon Jan 17, 2005 11:01 pm
Posts: 5148
Location: Canada eh
Certs: 350-001, CCNP, CXFF, ITILv3F
cheesepuff wrote:
@Infinite It was my professor who told me that, so I would hope he knew what he was talking about.

That's an assumption you should never make.

_________________
blog.brokennetwork.ca


PostPosted: Wed Feb 15, 2012 12:36 am
Junior Member

Joined: Tue Jan 24, 2012 3:54 am
Posts: 57
Good point.

_________________
I want to work with the Internet Engineering Task Force (IETF) and standardize a WTF protocol. It would literally be a "What The F**k" protocol for when NO ONE can figure out where the f**k something went wrong.

Non-Cisco forum http://networkinghelp.freeforums.org/index.php


PostPosted: Wed Feb 15, 2012 10:20 am
Post Whore

Joined: Mon Jan 17, 2005 11:01 pm
Posts: 5148
Location: Canada eh
Certs: 350-001, CCNP, CXFF, ITILv3F
OK, enough with the philosophical "Don't be a sheep" speech...

Generally when someone starts talking about "IPv6 being built with security in mind" what they are talking about is IPsec. IIRC IPsec was originally created to be part of the IPv6 spec, and was back ported to IPv4. So basically you (theoretically) can encrypt any IPv6 stream using the IPv6 IPsec extension headers. Not every vendor has gotten this far in the IPv6 implementations.

How does this help you and your problem? It doesn't. IPsec (and really, any security) is in no way related to DDoS. You can encrypt your traffic all you like, but if someone shoves 2Gb/s down your 50Mb/s internet connection you're FUBAR.

Firewalls may offer some protection in that they can filter out certain types of DoS attacks before they reach your server, but at the end of the day if someone shoves 2Gb/s down your 50Mb/s internet connection you're FUBAR.

The only thing you can do then is contact your ISP and get their help. They have the Big Iron needed to filter that kind of traffic before it ever reaches your firewall.

PostPosted: Wed Feb 15, 2012 5:38 pm
Junior Member

Joined: Tue Jan 24, 2012 3:54 am
Posts: 57
Thank you for getting straight to the point. If I get DoSed again I'll contact my ISP and see what they can do.

PostPosted: Thu Feb 16, 2012 2:20 am
CCIE #38070

Joined: Wed Jun 18, 2008 7:49 am
Posts: 12429
Location: London, UK
Certs: CCIE ,CC-NP/IP, JNCIP-SP, JNCIS-ENT, BC-/SPNE/NP
I would contact them before and ask them what they could possibly do if it happens again.


Sent on the move...

_________________
www.mellowd.co.uk/ccie/


PostPosted: Thu Feb 16, 2012 6:17 am
Junior Member

Joined: Tue Jan 24, 2012 3:54 am
Posts: 57
Still, I would like to know what kind of DOS attack I'm getting. How can I tell what type is being implemented on me?

PostPosted: Thu Feb 16, 2012 8:19 am
Post Whore

Joined: Thu Oct 14, 2010 4:39 am
Posts: 1003
Certs: CCNP (R&S, Security), ITILv3 Foundation
If you captured some of the traffic using Wireshark, that would give our Internet Scientists something to work from.

As a completely off-the-cuff guess, it's going to be something like LOIC or LCF.


PostPosted: Thu Feb 16, 2012 9:24 am
Member

Joined: Wed Aug 19, 2009 7:22 pm
Posts: 220
Location: VA
Certs: CCNP CCIP CCNA-S
It's the kind of DDOS attack that makes your site go offline.

_________________
_______________________________________________________________________
There are 10 types of people in the world. Those who understand binary and those who don't.


PostPosted: Thu Feb 16, 2012 9:30 am
Post Whore

Joined: Mon Jan 17, 2005 11:01 pm
Posts: 5148
Location: Canada eh
Certs: 350-001, CCNP, CXFF, ITILv3F
What makes you think you're even under attack?

Sent from my GT-I9000M using Tapatalk

PostPosted: Thu Feb 16, 2012 6:05 pm
Junior Member

Joined: Tue Jan 24, 2012 3:54 am
Posts: 57
I'm not under attack right now. But I know who's attacking me, and I know he's DDOSed many people before. I've seen him take down servers before. So whenever I come in contact with him, he tends to DOS me just because he can. I lose connection to everything ONLY when he's around. He's become infamous in a sense. He's basically "im guna DDOS you, so bye" and then I go offline.

PostPosted: Thu Feb 16, 2012 6:14 pm
Post Whore

Joined: Tue Mar 31, 2009 4:15 pm
Posts: 4434
Location: South Florida
Certs: More than none
cheesepuff wrote:
He's become infamous in a sense. He's basically "im guna DDOS you, so bye" and then I go offline.

Is it the tracer-t guy?

_________________
"See packet, be packet, you are packet. Ignore all else!" -The Networker
packetsdropped.wordpress.com


PostPosted: Thu Feb 16, 2012 7:24 pm
Junior Member

Joined: Tue Jan 24, 2012 3:54 am
Posts: 57
Not sure what you mean by that =S

PostPosted: Thu Feb 16, 2012 7:31 pm
Ultimate Member

Joined: Sun Jan 04, 2009 6:28 pm
Posts: 713
Location: Singapore
Certs: CCNA, CCDA, CCNA-SECURITY
Hmmmm. This guy sounds like a real troll.
You know you could set up a nice honey pot server for him to attack and then set up some monitoring so that you can analyze his attack vectors, then see if there is a way to block it or beat him at his own game.
Is he a full-on hacker or just a little script kiddie?

_________________
CCNA, CCDA, CCNA-SECURITY


PostPosted: Fri Feb 17, 2012 2:29 am
Junior Member

Joined: Tue Jan 24, 2012 3:54 am
Posts: 57
He's not really even a hacker, just a DDOS God. He's not a little kid. He's an adult. He knows what he's doing, but he doesn't care that he does it.

PostPosted: Fri Feb 17, 2012 4:01 am
Ultimate Member

Joined: Sun Jan 04, 2009 6:28 pm
Posts: 713
Location: Singapore
Certs: CCNA, CCDA, CCNA-SECURITY
DDoS God eh?
I'd love to see what he is doing and how.

If you can set up a little honey pot for him to attack and set up some monitoring.

See what type of traffic he is sending. If he is doing a SYN flood, it is pretty easy to filter out with a firewall without interrupting gameplay connections.

You can do it with a Cisco switch (can get one dirt cheap on eBay) and configure one port as a SPAN port, then connect a lappy to the SPAN port and open Wireshark.
Put the switch between the WAN connection and the server.

PostPosted: Fri Feb 17, 2012 4:07 am
Post Whore

Joined: Thu Oct 14, 2010 4:39 am
Posts: 1003
Certs: CCNP (R&S, Security), ITILv3 Foundation
Man am I out-of-date with my knowledge on attack tools. Other grand implements are hping and loris derivatives (like PyLoris).


PostPosted: Fri Feb 17, 2012 4:44 am
Senior Member

Joined: Tue Apr 08, 2008 10:09 am
Posts: 346
Normally denial of service fits into 2 areas

1) a protocol attack
2) a bandwidth attack

My money is either on your not monitoring your bandwidth correctly or a protocol attack - given that outbound is affected as well, methinks that it is a simple half-SYN attack maxing out the state table on your firewall.

So I would either decrease your TCP timeouts or buy a firewall with more memory / better TCP options.


p.s. this guy is not a ddos or a dos god - this is nothing short of a script kiddie is a LOIC
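
Added example (not written by any poster in this thread): the protocol-versus-bandwidth split from the post above, applied to packet records such as those exported from a Wireshark capture on the SPAN port. The record layout, the 90% utilisation and 200 half-open thresholds, and the sample packets are assumptions constructed for illustration; the 50Mb/s link figure is the one used earlier in the thread.

```python
LINK_BPS = 50_000_000  # assumed: the 50Mb/s link used as the example in the thread

def classify(packets, link_bps=LINK_BPS, half_open_limit=200):
    """Classify a capture as a bandwidth attack or a protocol (SYN) attack.

    packets: list of (time_s, src, sport, dst, dport, tcp_flags, length_bytes);
    tcp_flags is "S", "SA", "A", "R", ... or "" for non-TCP traffic.
    """
    if not packets:
        return "no traffic", {"bps": 0.0, "half_open": 0}
    times = [p[0] for p in packets]
    duration = (max(times) - min(times)) or 1.0  # avoid dividing by zero
    bps = sum(p[6] for p in packets) * 8 / duration
    # A client SYN opens a state-table entry; the same client's ACK or RST
    # closes the handshake. Entries still open at the end are half-open.
    half_open = set()
    for _, src, sport, dst, dport, flags, _ in packets:
        key = (src, sport, dst, dport)
        if flags == "S":
            half_open.add(key)
        elif flags in ("A", "R", "RA"):
            half_open.discard(key)
    stats = {"bps": bps, "half_open": len(half_open)}
    if bps >= 0.9 * link_bps:          # link is (nearly) full: volume problem
        return "bandwidth attack", stats
    if len(half_open) >= half_open_limit:  # link is fine, state table is not
        return "protocol attack (SYN flood)", stats
    return "no clear attack", stats

SERVER = "192.0.2.10"  # constructed sample data below (documentation addresses)

def sample_syn_flood(n=500):
    # n bare SYNs in one second from changing sources, never completed
    return [(i / n, f"198.51.100.{i % 250 + 1}", 1024 + i, SERVER, 80, "S", 60)
            for i in range(n)]

def sample_udp_flood(n=5000):
    # n large UDP datagrams in one second: about 56 Mb/s on a 50 Mb/s link
    return [(i / n, "203.0.113.7", 4000, SERVER, 27015, "", 1400)
            for i in range(n)]

def sample_normal():
    # one complete three-way handshake
    c = "198.51.100.9"
    return [(0.00, c, 5000, SERVER, 80, "S", 60),
            (0.01, SERVER, 80, c, 5000, "SA", 60),
            (0.02, c, 5000, SERVER, 80, "A", 52)]
```

A SYN flood shows up as a few hundred kb/s of traffic with hundreds of handshakes left open, which is why it can exhaust a firewall's state table without coming near the link capacity.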

