Can people DDoS a blocked port?

If you have blocked the only open port pointing to the system you shouldn't have an issue (since it doesn't accept traffic), although if you are going to block traffic you might as well turn off the port via your router.

Changing the port is largely pointless. Security through obscurity won't stop, for example, a generic HTTP DDoS request to the server, which is redirected by your router to whatever port/system is specified. Anyone looking to do any sort of specific attack will likely run a port scanner and find the open ports.

There are various ways to mitigate DDoS attacks:

  • Block any connection which makes a certain number of requests in a given time
  • Use more complex systems like DNS Sinkholes
  • Web services which can assist with it such as Cloudflare

Author: Natashaa Fujiwara

Updated on September 18, 2022

Comments

  • Natashaa Fujiwara
    Natashaa Fujiwara over 1 year

    The title says it all. I've searched around the net, but to no avail. From what I understand, DDoS is a distributed denial of service attack, where multiple people send a huge request at the same time, which overloads the webserver. (People can't access the website.)

    • For example I have port 80 blocked by my router firewall. Can anyone DDOS and overload the network?
    • If I change to port 8080 for a webserver without people knowing, can they still shut down a webserver if they are DDoSing a different port?
    • This has been asked a lot but are there ways to mitigate the attack?
  • Ramhound
    Ramhound almost 10 years
    If a port has nothing running on it, then a connection on said port would be refused by the host. Switching the port won't prevent a DDoS attack, since people will know what port you're running your website on, since they can simply connect to it using a single connection.
  • barlop
    barlop almost 10 years
    Might his router be extra busy receiving a bombardment of packets on the albeit closed port? And perhaps his internet bandwidth?
  • Matthew Williams
    Matthew Williams almost 10 years
    I suppose that would depend on his router and what exactly he means by block. I have taken it to mean simply ignore traffic. Although it could mean process each request and block it, which might very well flood the router.
  • barlop
    barlop almost 10 years
    Looking from an algorithmic perspective, it looks like there has to be some processing, e.g. process the incoming packet, what port is it on (what value does it have in the TCP DST PORT field), if that value is on a closed port, don't let it in. If it's part of an existing connection, let it in. If it's a new connection, on a port that is open, pass to the firewall and if it matches, port forward it. I.e. even if it's a packet whose TCP DEST FIELD is a closed port, there is still processing - checking that field.
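
The packet-handling order described in the last comment, combined with the answer's first mitigation (limit connections per source in a time window), as an added example that is not code from any poster. The `EdgeFilter` class, the port-forward map and all addresses are constructed for illustration; it shows that packets to a closed port are dropped yet each one still costs a header inspection.

```python
from collections import defaultdict, deque

class EdgeFilter:
    """Toy inbound TCP filter for a NAT router (hypothetical model, not a real firewall API)."""

    def __init__(self, forwards, max_new, window):
        self.forwards = forwards          # open port -> internal (host, port)
        self.max_new = max_new            # new connections allowed per source IP ...
        self.window = window              # ... within this many seconds
        self.established = set()          # flows already accepted
        self.recent = defaultdict(deque)  # source IP -> times of accepted new connections
        self.inspected = 0                # packets whose header had to be read

    def handle(self, now, src_ip, src_port, dst_port, syn):
        self.inspected += 1               # the destination port is read even when the port is closed
        if dst_port not in self.forwards:
            return "drop-closed"
        flow = (src_ip, src_port, dst_port)
        if flow in self.established:
            return "allow"
        if not syn:
            return "drop-no-state"        # not a new connection and no known flow
        stamps = self.recent[src_ip]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()              # forget connections older than the window
        if len(stamps) >= self.max_new:
            return "drop-rate-limit"
        stamps.append(now)
        self.established.add(flow)        # simplification: no handshake tracking
        return "forward"

def run_demo():
    # Constructed traffic: (time, src_ip, src_port, dst_port, syn); documentation-range addresses.
    fw = EdgeFilter(forwards={8080: ("192.168.1.10", 80)}, max_new=3, window=10.0)
    packets = [(0.0, "203.0.113.5", 40000 + i, 80, True) for i in range(4)]      # closed port 80
    packets += [(1.0, "198.51.100.7", 50000 + i, 8080, True) for i in range(5)]  # burst at open port
    packets.append((2.0, "198.51.100.7", 50000, 8080, False))                    # existing flow
    packets.append((12.0, "198.51.100.7", 50010, 8080, True))                    # window has expired
    return [fw.handle(*p) for p in packets], fw.inspected

if __name__ == "__main__":
    verdicts, inspected = run_demo()
    print(verdicts, "inspected:", inspected)
```

The model counts only header checks; it does not represent the link bandwidth that dropped packets consume before they reach the router.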