' Wrote:I came up with a few thoughts listening to comments about the aggresive attacks our servers are suffering, and perhaps everyone's grain of salt here can help make a change for the best.
First off in the discussion should be network security for our server. I went to visit a few friends of mine and I saw that the Procyon server uses a special feature (correct me if I'm wrong), "-proc.no-ip.org" in the shortcut connection tab, which I believe randomizes or rotates the server's IP. If this is indeed possible, then I believe it's a start.
Won't help in this case. Remember, the attack is not directed towards the actual machine, but the transport mechanism. So if such a system was used, the attack would just be directed towards the proc.no-ip.org site, and swamp that sites pipes, resulting in nobody being able to connect to that site to get the IP of the server.
Analogy time : Instead of targetting a specific car driving on the road, target the road itself making it congested, traffic slows down or is stopped, resulting in the real car can not reach its destination.
Thats what a DDoS attack does in effect. With the analogy in mind, a DDoS attack puts "so many cars on the road, so traffic stalls or completely stops, thereby denying service to the drivers of the real cars."
The only effective means of defence against a DDoS attack is, again with the analogy in mind, divert the non real cars into a scrapyard, at the entry point of the road - I.E. nullrouting aka blackholeling the non-valid traffic at routers upstream, untill the machines used to generate and transmit that traffic effectively is cordoned off from the routing used to reach the targetted IP.
Given the nature of the Internet, that can involve many ISP's and lots of routers.
EDIT: Just checked no-ip.org. Its not a defence mechanism against anything. Its just a dynamic DNS provider just like Dyndns.com. All it does is make it easier for users that have dynamic IP adresses, to provide a more permanent link to their machine. I.E: When their IP address changes, the proc.no-ip.org URL just resolves to the new address. Getting the IP address would just involve a ping, a DNS lookup, or a traceroute.
Out of bats, Out of bots, Out of torps - Down to harsh language...
