What's a good high performance Linux TCP proxy? I specifically

Thread replies: 8
Thread images: 1

Anonymous
2016-05-03 11:04:21 Post No. 54356187
[Report] Image search: [Google]

File: DDOS-623x410.jpg (159 KB, 623x410) Image search: [Google]

Anonymous 2016-05-03 11:04:21 Post No. 54356187 [Report]

What's a good high performance Linux TCP proxy?

I specifically need a general purpose TCP proxy for RTMP traffic as well as HTTP

My website is being DDoS'd for the first time and it's a shit. My current provider where all my data is stored aren't willing to do anything but null route me. So I thought maybe I can get some VPS with some host that does provide anti-ddos protection and then proxy it to my regular servers (with new IPs).

Does that sound a reasonable approach?

as an aside, I might have the attacker's IP (was some suspicious activity from eastern europe in the days preceding this), is there anything I can do with it? Report them to their ISP? I have no absolute proof though. But a google of the IP brings up some COD playing kid getting banned from cheating on game servers, which sounds the type.

>>

Anonymous 2016-05-03 11:05:40 Post No.54356196
[Report]

Anonymous 2016-05-03 11:05:40 Post No.54356196 [Report]

u need a hardware firewall, use OVH

>>

Anonymous 2016-05-03 11:09:03 Post No.54356217
[Report]

Anonymous 2016-05-03 11:09:03 Post No.54356217 [Report]

>>54356196
I was looking at OVH, their VPS plans advertise anti DDoS protection, will that not be good enough?

>>

Anonymous 2016-05-03 11:52:17 Post No.54356532
[Report]

Anonymous 2016-05-03 11:52:17 Post No.54356532 [Report]

I don't know whether it's high preformance or not. But check out Haproxy.

>>

Anonymous 2016-05-03 12:02:14 Post No.54356638
[Report]

Anonymous 2016-05-03 12:02:14 Post No.54356638 [Report]

>>54356532
Thanks that looks like the thing I want

That being said am currently researching "gre tunnels" whatever they are, as they seem to be used in this situation...

>>

Anonymous 2016-05-03 12:05:24 Post No.54356661
[Report]

Anonymous 2016-05-03 12:05:24 Post No.54356661 [Report]

>>54356187
Cloudflare provide free DDOS protection

>>

Anonymous 2016-05-03 12:12:16 Post No.54356712
[Report]

Anonymous 2016-05-03 12:12:16 Post No.54356712 [Report]

>>54356187
I use to work for one of cloudflare's competitors.
Here is what we did:
>Run NGINX as a reverse proxy
>Firewalls only allowing port 443 and port 80
>New client comes in under DDOS attack
>We get Client to send us their SSL certificate
>We setup NGINX to reverse proxy and point to their IP address
>We tell client to change DNS record to our IP address (we called it a VIP).
>Tell client to change firewall to only allow traffic from our IP addresses.
>Use ELK stack to analyze traffic
>Come up with rules to whitelist or ratelimit or ban ips based on request/referrer/useragent etc.

>>

Anonymous 2016-05-03 12:13:34 Post No.54356722
[Report]

Anonymous 2016-05-03 12:13:34 Post No.54356722 [Report]

As far as I know you´r able to use "IP-geek" to find out some information of the attacker.