DOS Attack - Bandwidth [Archive]

View Full Version : DOS Attack - Bandwidth

Fish_Saver

12-28-2001, 07:49 PM

I believe last week my "managed" server had a DOS attack the Bandwidth was a Steady 1.6 mbs for a day and a half. My hosting company said;

Part of First Reply -

This graph is consistent with a PING/ICMP based DOS.

Part of Second Reply-

Having exhaustively inspected your server I have found no evidence of your server having been compromised.
XXXXXX does not normaly offer credits against bandwidth overage your server, even if it is the result of a DOS.

My Question;

What Linux software do I use to monitor my hosting companies network and protect myself from a DOS. Can I program thier Routers and such - might have to protect them to protect me.

allan

12-28-2001, 11:35 PM

Unfortunately, there is little you can do at the server level. If a DOS attack is directed to your server, the bandwidth is still going to be used, even if you were to deny the IP Addresses access (not likely, since you probably would not be able to get into the server while the attack was happening).

It is also unlikely that your host will allow you to change the configuration on their routers (unlikely being a gross understatement here).

That being said, you should examine the logs to find out where the attack orginated (though it probably originated from a compromised server -- so it may not do you any good), and report the information to the authorities.

You also may want to forward this URL to your host:

http://www.cisco.com/warp/public/707/newsflash.html#prevention

Assuming they are using Cisco equipment, there are some excellent strategies for preventing, or at least limiting the negative imact of DOS attacks.

ffeingol

12-28-2001, 11:39 PM

You might want to look at demarc (www.demarc.com). It will not prevent this type of attack, but with it's use of snort, it will at least log it.

Having a decent log of what is going on (ip's can be forged etc.) can help you and possibly your host figure out what's going on.

Frank

CLEARVERT

12-30-2001, 03:59 AM

Don't host sites that attract DoSes

example: IRC , warez? , evil sites.

We implement that policy and we recieve nearly no dos attacks, but we do recieve it sometimes but its short.