[SOLVED] Can they ddos me on ipv6?
#1
Hello, 

My server is under ddos attack 1-2 GB/s on port 80 and some times 22 and 21., so i have install CSF mod_security and one script DDos Deflate. 

For now is good. 

And i have make some changes about my server, i have change my ip, and i have host all domain's with ipv6 not ipv4 
I think a lot off Ddos programs and scripts, send attack on ipv4

So what do you think ? about this can they ddos me on ipv6?
i'm not too good with "network" and for this i'm asking
which ip is more protected to use when you are under ddos attack ipv4 or ipv6 ?


Thanks.
D❤ᴘᴇ.ᴀʟ Oᴡɴᴇʀ.
#2
Yes, you can be attacked with (D)DoS over IPv6 if the attackers have IPv6. That said IPv6 is not really wide spread and most end consumer ISPs might not have IPv6. So atleast a lot of the botnets that have IPv4 only clients will not be able to hit you unless they use some translation technique or have tunneled IPv6 (Tunnel Broker, et cetera).

http://www.zdnet.com/article/first-ipv6-...acks-seen/
http://www.slideshare.net/TomPaseka/hkno...ipv6-world

The more IPv6 gets adopted the bigger the amount attacks will be.
#3
There is no warranty that IPv6 is more secure than IPv4 or vice versa. You should better look for provider which offers Anti DDoS protection.
Thank you FreeVPS and ZXPlay for VPS 7 and 19

[Image: show_img.php?userid=17170&vpscount=2]


Don't PM me for support, use an appropriate forum to ask for support
#4
Hello.

Yes you can be attacked by IPv6 we already have costumers who got attacked by IPv6 as node watch reported this to us in our cause it was in France location which protected from such attacks.
#5
(2016-02-28, 1:24:42 am)Hidden Refuge Wrote:  Yes, you can be attacked with (D)DoS over IPv6 if the attackers have IPv6. That said IPv6 is not really wide spread and most end consumer ISPs might not have IPv6. So atleast a lot of the botnets that have IPv4 only clients will not be able to hit you unless they use some translation technique or have tunneled IPv6 (Tunnel Broker, et cetera).

http://www.zdnet.com/article/first-ipv6-...acks-seen/
http://www.slideshare.net/TomPaseka/hkno...ipv6-world

The more IPv6 gets adopted the bigger the amount attacks will be.

better news for me! Cheese
I think they don't have an ipv6 cause my server is online just i have change ipv4 for my server and i have host domain with ipv6 and they don't know how to find my ipv4
they are just some kids which has found on internet "How to ddos"
thanks Wink


(2016-02-28, 1:35:34 am)abhe Wrote:  There is no warranty that IPv6 is more secure than IPv4 or vice versa. You should better look for provider which offers Anti DDoS protection.
Yes also i have one server from OVH i use it for my personal websites or projects, but 1 day ago i have transfer all clients on it!
thanks!

(2016-02-28, 2:50:19 am)JanuszC Wrote:  Hello.

Yes you can be attacked by IPv6 we already have costumers who got attacked by IPv6 as node watch reported this to us in our cause it was in France location which protected from such attacks.

Thank you for information!
D❤ᴘᴇ.ᴀʟ Oᴡɴᴇʀ.
#6
Do not misunderstand the situation you are in. IPv4 only clients cannot access IPv6 only sites/services. If you have both IPv4 and IPv6 both kind of attackers can attack you. All they need to do is run a nslookup for A and AAAA and they have the IPv4 and IPv6 address of your server.

So what you need is really DDoS protected IP addresses which as far as I know is already part of OVH in all their products.
#7
(2016-02-28, 4:07:45 am)Hidden Refuge Wrote:  Do not misunderstand the situation you are in. IPv4 only clients cannot access IPv6 only sites/services. If you have both IPv4 and IPv6 both kind of attackers can attack you. All they need to do is run a nslookup for A and AAAA and they have the IPv4 and IPv6 address of your server.

So what you need is really DDoS protected IP addresses which as far as I know is already part of OVH in all their products.

i have install a loot off scripts to filter this attack csf, fail2ban, ddos deflate, modsecurity, configs for iptables for anti ddos, i have configure psad, and fail2ban and if anyone try to scan my ip ports with nmap they will got banned permanently.
 also i'm using plesk panel and i have install some extensions for anti ddos  Huh

my server from ovh is an small server i can't use it too create a hosting company, 
I'm thinking when is an big ddos attack to set up an forward attack from my server to ovh server!
D❤ᴘᴇ.ᴀʟ Oᴡɴᴇʀ.
#8
I thought my english sked !1 Anyway, there is not much point in having a lot of anti ddos auto-banning ninja-foo software on your server if it is getting drowned in heavy ddos. You wont be able to use it effectively cause all your bandwidth is being used up by ddos .

You are talking about building an iron wall around your house while people are attacking on your walls. It is fine. and might protect you. But the thing is you wont be able to get out... hope that helps.. god bless
Many thanks to Freevps, Chris (cw1998), The Guy( ID 4810), optimus, GHP and the other  staff members.
#9
(2016-02-28, 5:17:52 pm)rudra Wrote:  I thought my english sked !1 Anyway, there is not much point in having a lot of anti ddos auto-banning ninja-foo software on your server if it is getting drowned in heavy ddos. You wont be able to use it effectively cause all your bandwidth is being used up by ddos .

You are talking about building an iron wall around your house while people are attacking on your walls. It is fine. and might protect you. But the thing is you wont be able to get out... hope that helps.. god bless

thanks, 
good news is cause i have found how they are ddosing me,
in one test server i have install only CSF
i have found that program and i start to ddos myself in one test server,
to find an way how to stop this, just with one simple ban i can stop this,
i use trafshow to monitor my network and to find where ddos is coming!
bad news is cause now is needed to found an way how to limit bandwidth or network packs and if anyone break the limitation will got banned from csf :Skeptical
i found this on serverfault, but is not working!

Code:
iptables -A INPUT -p tcp --dport 80 -m hashlimit --hashlimit-upto 50/min \
   --hashlimit-burst 500 --hashlimit-mode srcip --hashlimit-name http -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
D❤ᴘᴇ.ᴀʟ Oᴡɴᴇʀ.
#10
Rate limit incoming connections?

Try http://www.debian-administration.org/art...onnections

Although if the flood is really big iptables will not be able to hold up and your server will go down anyway. For big floods dedicated DDoS filtering is required like OVHs firewall.




Users browsing this thread: 1 Guest(s)