wurstel
just joined
Topic Author
Posts: 23
Joined: Thu Apr 13, 2017 7:04 pm

problem with hack attack

Sun Sep 17, 2017 11:03 pm

Hi, I have a problem with a hacker attacking my customer, who streams on Twitch.
There is a bug in their servers that lets them see the public IP and hack it.
My network goes down when it happens and I can't see anything.
What can I do to stop this?
Suggestions?
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: problem with hack attack

Mon Sep 18, 2017 1:50 am

Without more details we'll be of little help. If the attack is a DDoS, there are mechanisms you can implement on your network to help mitigate the damage they can do. That said, it also depends on your network architecture.

Things like:

Enforcing BCP38 policies on your devices (CPE or PPPoE server)
Creating an automatic method of detecting the source of a DDoS and being able to deploy and manage the removal of blackhole routes ahead of stateful inspection devices (fail2ban)

If you have a very small upstream connection to the Internet, you may find leasing space and bandwidth in at least one data center an effective deterrent. You could tunnel all of your traffic from the data center to your normal edge device. You'd have the advantage of inspecting and dropping the malicious traffic in the data center on a very high speed connection to the Internet that is cost effective. Pair that with the ability to blackhole traffic before it hits your more limited connection closer to your customers.
 
wurstel
just joined
Topic Author
Posts: 23
Joined: Thu Apr 13, 2017 7:04 pm

Re: problem with hack attack

Mon Sep 18, 2017 2:10 pm

Hi,
I can't see anything because it blocks everything.
Can I implement, on my firewall router (CCR1036-2S+) or on my BGP router (CCR1072), the rules I saw on the MikroTik wiki, or is that too aggressive?
All my network goes out via those routers:
/ip firewall filter
# every new forward connection is rate-checked in the block-ddos chain first
add chain=forward connection-state=new action=jump jump-target=block-ddos
# src/dst pairs already flagged below are dropped for the lifetime of the list entries
add chain=forward connection-state=new src-address-list=ddoser dst-address-list=ddosed action=drop
# up to 50 new connections per second per src/dst pair (burst 50, idle counters expire after 10 s) is normal: return
add chain=block-ddos dst-limit=50,50,src-and-dst-addresses/10s action=return
# anything above that rate tags the victim (ddosed) and the offender (ddoser) for 10 minutes
add chain=block-ddos action=add-dst-to-address-list address-list=ddosed address-list-timeout=10m
add chain=block-ddos action=add-src-to-address-list address-list=ddoser address-list-timeout=10m


In the attachment I give you the IP settings of the BGP router and the firewall router.
Thanks
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: problem with hack attack

Mon Sep 18, 2017 4:35 pm

So, CPU is the enemy here. Your devices have limited resources to inspect traffic (IP firewall).

In most cases you should control a router in front (closer to the Internet) than your firewall. Your firewall needs a mechanism to tell your router about malicious traffic and drop it via a null or blackhole route.

By dropping traffic in routing ahead of the stateful inspection device you conserve CPU and it is able to stay responsive.

There isn't a magic, preset way to do what I described, but the components can be as simple as logging ACLs on the firewall for traffic that seems to be DDoS traffic, plus scripting that watches the logs and reacts. The reaction could be an API-driven action that creates a blackhole route and schedules its cleanup after, say, 10 min.
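One way to build the log-watch-and-react loop described in this post (and the automatic detect-and-blackhole item in the earlier post), as an added example that is not code from the thread or from MikroTik. It assumes the firewall logs flood candidates with log-prefix "ddos" in the usual RouterOS v6 firewall log format, that the upstream router runs RouterOS v6 (`type=blackhole` routes) and is reached over the RouterOS API on TCP/8728 by a client that has already completed `/login`; the threshold, window, hold time and comment tag are illustrative choices, and the sample log lines are constructed.

```python
"""Log-driven blackhole controller for a MikroTik upstream router (added example)."""
import re
from collections import defaultdict, deque

# RouterOS firewall log line (assumed v6 format; TCP/UDP carry ports, ICMP does not), e.g.
# "firewall,info ddos forward: in:ether1 out:ether2, src-mac ..., proto TCP (SYN), 203.0.113.5:51234->198.51.100.10:80, len 52"
LOG_RE = re.compile(
    r"(?P<prefix>\S+) (?P<chain>\w+): .*?proto (?P<proto>\w+).*?, "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?->"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?, len \d+"
)


class FloodDetector:
    """Sliding-window per-source counter: a source crossing `threshold` hits in `window_s` is reported."""

    def __init__(self, threshold=100, window_s=10, prefix="ddos"):
        self.threshold, self.window, self.prefix = threshold, window_s, prefix
        self.hits = defaultdict(deque)  # src ip -> timestamps still inside the window

    def observe(self, line, now):
        """Feed one log line; return the source IP if it is now over the threshold, else None."""
        m = LOG_RE.search(line)
        if not m or m.group("prefix") != self.prefix:
            return None
        q = self.hits[m.group("src")]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        return m.group("src") if len(q) >= self.threshold else None


def encode_word(word):
    """RouterOS API word: variable-length size prefix followed by the UTF-8 bytes."""
    data = word.encode()
    n = len(data)
    if n < 0x80:
        size = bytes([n])
    elif n < 0x4000:
        size = (n | 0x8000).to_bytes(2, "big")
    elif n < 0x200000:
        size = (n | 0xC00000).to_bytes(3, "big")
    elif n < 0x10000000:
        size = (n | 0xE0000000).to_bytes(4, "big")
    else:
        size = b"\xF0" + n.to_bytes(4, "big")
    return size + data


def encode_sentence(words):
    """An API sentence is a run of words terminated by a zero-length word."""
    return b"".join(encode_word(w) for w in words) + b"\x00"


def send(sock, words):
    """Write one sentence to an API socket that has already completed /login (assumed)."""
    sock.sendall(encode_sentence(words))


class BlackholeController:
    """Tracks auto-installed /32 blackhole routes and expires them after `hold_s` (10 min here)."""

    def __init__(self, hold_s=600, tag="auto-ddos"):
        self.hold, self.tag = hold_s, tag
        self.active = {}  # ip -> expiry timestamp

    def add(self, ip, now):
        """Sentences installing a blackhole for ip; empty (but timer re-armed) if already active."""
        fresh = ip not in self.active
        self.active[ip] = now + self.hold
        if not fresh:
            return []
        return [["/ip/route/add", f"=dst-address={ip}/32", "=type=blackhole",
                 f"=comment={self.tag} {ip}"]]

    def expired(self, now):
        """Drop every ip whose hold ran out; return the print query that yields its route .id."""
        gone = [ip for ip, exp in self.active.items() if exp <= now]
        for ip in gone:
            del self.active[ip]
        # one query word per sentence; the comment is unique per ip by construction
        return [["/ip/route/print", f"?comment={self.tag} {ip}", "=.proplist=.id"] for ip in gone]

    @staticmethod
    def remove(route_id):
        """Sentence removing the route whose .id came back from the print query."""
        return ["/ip/route/remove", f"=.id={route_id}"]


SAMPLE_LOG = [  # constructed lines, not real traffic
    "firewall,info ddos forward: in:ether1 out:ether2, src-mac 00:0c:42:11:22:33, proto TCP (SYN), 203.0.113.5:51234->198.51.100.10:80, len 52",
    "firewall,info ddos forward: in:ether1 out:ether2, src-mac 00:0c:42:11:22:33, proto TCP (SYN), 203.0.113.5:51235->198.51.100.10:80, len 52",
    "firewall,info other forward: in:ether1 out:ether2, src-mac 00:0c:42:11:22:33, proto UDP, 192.0.2.9:40000->198.51.100.10:53, len 60",
    "firewall,info ddos forward: in:ether1 out:ether2, src-mac 00:0c:42:11:22:33, proto UDP, 198.51.100.7:53->198.51.100.10:40000, len 90",
    "firewall,info ddos forward: in:ether1 out:ether2, src-mac 00:0c:42:11:22:33, proto ICMP (type 8, code 0), 203.0.113.5->198.51.100.10, len 84",
    "firewall,info ddos forward: in:ether1 out:ether2, src-mac 00:0c:42:11:22:33, proto TCP (SYN), 203.0.113.5:51236->198.51.100.10:80, len 52",
]


def run_sample(threshold=3, window_s=10, hold_s=600):
    """Replay SAMPLE_LOG one second apart; return (add sentences, early cleanup, late cleanup)."""
    det, ctl = FloodDetector(threshold, window_s), BlackholeController(hold_s)
    t0, adds = 1505600000.0, []
    for i, line in enumerate(SAMPLE_LOG):
        src = det.observe(line, t0 + i)
        if src:
            adds += ctl.add(src, t0 + i)
    early = ctl.expired(t0 + 300)           # still inside the hold time: nothing to clean
    late = ctl.expired(t0 + hold_s + 60)    # last hit at t0+5 re-armed expiry to t0+605
    return adds, early, late


if __name__ == "__main__":
    for item in run_sample():
        print(item)
```

In production the loop reads the firewall's log (for example over the same API with `/log/print` follow, or via remote syslog), feeds each line to `observe`, sends the `add` sentences to the upstream router, and on each tick sends the `expired` print queries, reading the `!re` reply's `.id` before issuing `remove`. Note that this only helps against floods from a manageable number of real sources; a volumetric flood with spoofed sources needs destination-based blackholing with the upstream (RTBH) to protect the link, which is what the tunnel-through-a-data-center suggestion above is about.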
 
R1CH
Forum Guru
Posts: 1108
Joined: Sun Oct 01, 2006 11:44 pm

Re: problem with hack attack

Wed Sep 20, 2017 5:54 pm

Twitch doesn't leak IP addresses. Playing on unknown servers, voice chat, P2P games, Skype, etc are the more likely causes.
 
wurstel
just joined
Topic Author
Posts: 23
Joined: Thu Apr 13, 2017 7:04 pm

Re: problem with hack attack

Wed Sep 20, 2017 5:59 pm

The problem is Twitch.
If he streams on a Google server or YouTube, they can't hack him.
If he uses Twitch, they can hack him.
 
R1CH
Forum Guru
Posts: 1108
Joined: Sun Oct 01, 2006 11:44 pm

Re: problem with hack attack

Tue Sep 26, 2017 2:27 pm

Sorry, but that isn't true. Twitch is not peer to peer; it's not possible to get a streamer's IP. The problem likely appears when streaming to Twitch because Twitch has the highest concentration of trolls who like to disrupt streams. They are finding the IP some other way, as mentioned above.