Ident DDoS

You may have noticed that the shell server was a bit slow last night. This is because someone launched a DDoS attack on the server, more specifically on the ident daemon. The network was down or very slow between 03-04, but the attack didn’t really stop until about 06 AM.

There were at times more than 7000 open connections, and during the night a total of roughly 200000 connections were made to the identd.

When I woke up this morning (7.30) it was over, but I’ve put in some extra protections so this should not be able to happen again. The identd is now rate limited in the firewall (with the limit filter in iptables), and there were also some parameters to the identd (oidentd in this case) to tweak the timeouts and number of connections.

It’s too bad those scriptkiddies can’t leave a decent provider like us alone, but I guess it’s a part of the IRC and shell hosting business. Hopefully they will grow up and learn some day 🙂
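
The mitigation described above (an iptables limit rule in front of identd, plus oidentd connection and timeout settings), as an added example that is not the configuration used on this server: the rate, burst, connection cap, timeout and chain name are all assumed values. The script only prints the commands unless it is run with `--apply`.

```sh
#!/bin/sh
# Added example. Every numeric value and the chain name are assumptions,
# not the settings used on the server described in the post.
IDENT_PORT=113       # standard ident (auth) TCP port
RATE="10/second"     # assumed sustained rate of new connections
BURST=20             # assumed burst allowed before RATE applies
CHAIN="IDENT_LIMIT"  # hypothetical chain name
MAX_CONN=100         # assumed oidentd cap on open connections
TIMEOUT=10           # assumed seconds before oidentd closes a connection

# The limit match takes N/second, N/minute, N/hour or N/day.
valid_rate() {
    printf '%s\n' "$1" | grep -Eq '^[1-9][0-9]*/(second|minute|hour|day)$'
}

# Emit the firewall rules. Only new connections (SYN) enter the chain, so
# established sessions are untouched. Connections over the limit get a TCP
# reset, so a querying IRC server fails fast instead of waiting on a drop.
# Assumes no earlier INPUT rule already accepts traffic to port 113.
ident_rules() {
    valid_rate "$RATE" || { echo "bad rate: $RATE" >&2; return 1; }
    cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -m limit --limit $RATE --limit-burst $BURST -j ACCEPT
iptables -A $CHAIN -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp --dport $IDENT_PORT --syn -j $CHAIN
EOF
}

# Daemon-side limits: cap open connections and close slow ones early,
# so the daemon cannot pile up thousands of open sockets.
oidentd_cmd() {
    echo "oidentd --limit=$MAX_CONN --timeout=$TIMEOUT"
}

if [ "${1:-}" = "--apply" ]; then
    ident_rules | sh     # requires root
else
    ident_rules && oidentd_cmd
fi
```

The firewall limit bounds how fast new connections reach the daemon, while the oidentd options bound how many it holds open at once; the two cover different parts of the flood.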
