Patched 7.6.0.3.x - Questions, Comments and Bug Reports for nCo Patches
Ddos
Just wondering what's going on with Nuke Sentinel and not blocking DDoS attacks.. I went to bed last night and woke up this morning and had 145 guests online and not a one registered.. lol... so that pretty much gave it away.. I have DDoS Protection set to on in the NS Admin panel and block proxies at a strong level but it still seems to be allowing it.. I have searched everywhere for an answer and have failed to find one, so I decided since this is my favorite nuke site and I'm using NcO Mod 7.6 3.1 and Nuke Sentinel 2.4.2pl3 I could prolly get an answer here. All replies appreciated.
There are many types of DoS and DDoS attacks
Sentinel does not block DDoS (Distributed Denial of Service) attacks, only single IP based DoS (Denial of Service) attacks, and in all honesty it really doesn't do that all that well.
Nothing that resides on a server could stop a DDoS or DoS attack because they require the server to run. Only a hardware based firewall that is separate from the server can truly stop a DoS attack.
Since NukeSentinel resides at the server level it really can't be all that effective at blocking DoS or DDoS attacks.
There is a strong chance that what you were seeing on your site could have been Google bots or something to that effect. Two things to think about.
1. 150 IPs hitting your site at once during a (D)DoS attack would be more than enough to take the server down, making your site unreachable.
2. Google bots put no drain on the server meaning your site would be reachable but would have a large number of guests on it at the time the bots were spidering your site. One time I signed on here to find about 180 guests when I checked the who is where. I found Google, MSN, Yahoo and Alexa bots were spidering the site like crazy. Of the 180 or so guests on the site 160 of them were bots. Spidering is very random and I was quite surprised to see all the main search engines on this site at one time. But it happens.
Here is something else to consider. The sessions table holds the data for 30 - 60 minutes, which means it is possible your site could have just had a lot of traffic in the hour leading up to when you looked at it and nothing at all could have happened.
Or
Another site on your server could have been getting hit with a DoS attack, and if you are on a shared server with a local MySQL database then your site could have picked up on the other site getting hit and it threw your sessions table for a loop. I have seen that happen quite often. During the attack the server went down and when it came back up the sessions tables still hadn't cleared.
Basically what I am saying is there are a number of reasons as to why you could have had that many visitors. Just don't depend on Sentinel or any one of the countless DoS blocks out there to stop a DoS attack.
That's what I was thinking but I wasn't 100% sure.. I actually banned a lot of them manually so maybe that will help if it was actually a DDoS attack against me, but I thank you for your reply and a well explained one at that.
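
The reply's point that a large guest count can be search engine crawlers accumulated over the sessions table's retention window can be checked against the web server access log. The script below is an added example, not part of the thread and not NukeSentinel code; it assumes Apache combined log format and a 60-minute window, and the log lines and IP addresses are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# User-agent substrings of the crawlers named in the thread. The user agent is
# client-supplied, so a match is a claim to verify, not proof of identity.
CRAWLERS = {"Googlebot": "Google", "msnbot": "MSN",
            "Yahoo! Slurp": "Yahoo", "ia_archiver": "Alexa"}
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
STAMP = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.99 - - [12/Mar/2006:05:30:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/1.5"
192.0.2.10 - - [12/Mar/2006:06:10:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.11 - - [12/Mar/2006:06:12:40 +0000] "GET /modules.php?name=Forums HTTP/1.1" 200 9211 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.5 - - [12/Mar/2006:06:20:11 +0000] "GET /modules.php?name=News HTTP/1.0" 200 7340 "-" "msnbot/1.0 (+http://search.msn.com/msnbot.htm)"
198.51.100.9 - - [12/Mar/2006:06:31:00 +0000] "GET /index.php HTTP/1.0" 200 5120 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"
203.0.113.7 - - [12/Mar/2006:06:45:30 +0000] "GET /robots.txt HTTP/1.0" 200 120 "-" "ia_archiver"
203.0.113.50 - - [12/Mar/2006:06:50:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/1.5"
192.0.2.10 - - [12/Mar/2006:06:55:00 +0000] "GET /modules.php?name=Forums HTTP/1.1" 200 9211 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
"""

def guests_in_window(log_text, now, window_minutes=60):
    """Count unique IPs per label seen inside the session retention window."""
    cutoff = now - timedelta(minutes=window_minutes)
    seen = {}  # ip -> label; one entry per IP, like one guest session row
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, stamp, agent = m.groups()
        when = datetime.strptime(stamp, STAMP)
        if not (cutoff < when <= now):
            continue  # older than the retention window, no longer "online"
        label = next((n for tok, n in CRAWLERS.items() if tok in agent), "other")
        seen.setdefault(ip, label)
    return Counter(seen.values())

if __name__ == "__main__":
    now = datetime.strptime("12/Mar/2006:07:00:00 +0000", STAMP)
    counts = guests_in_window(SAMPLE_LOG, now)
    for label, n in counts.most_common():
        print(f"{label:8} {n}")
    print(f"guests shown: {sum(counts.values())}, not crawlers: {counts['other']}")
```

A count dominated by crawler labels while the site stays reachable matches the spidering explanation; claimed crawler IPs can then be confirmed with a reverse DNS lookup.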