  1. #1
    Join Date
    Sep 2002
    Location
    Washington DC
    Posts
    2,514

    Dealing with DoS

    Any tips for dealing with DoS? Sometimes I get hit with "low level attacks"... 10mbit, 5mbit, 2mbit... they just seem to waste bandwidth.



    Thanks

  2. #2
    Your provider shouldn't charge you for DoS attacks, no matter how frequent. This is policy for many data centers.

    If you continue to be hit with attacks, you may want to consider investing in & implementing a firewall. At least then legitimate traffic will be able to pass.

  3. #3
    Join Date
    Sep 2002
    Location
    Washington DC
    Posts
    2,514
    The limited experience I have had with them, they do charge you... Firewalls don't really do anything unless they think your server is down and stop. :-/

    Always look on the brighter side of life... good song lol

  4. #4
    One purpose of a firewall is to detect malicious traffic and reject it from your network. Thus your server will always appear offline to a DoS attack.

    Most basic firewalls have the ability to detect and block the following type of malicious traffic:

    SYN attack
    ICMP flood
    UDP flood
    Ping of death
    IP spoofing
    Port scan
    Land attack
    Tear drop attack
    IP address sweep attack
    WinNuke attack

    Search eBay for "firewall", you can probably pick up a decent Pix or Watch Guard for cheap.

  5. #5
    Join Date
    Sep 2002
    Location
    Washington DC
    Posts
    2,514
    What's a tear drop attack?

    Thanks for the list of things to block

  6. #6

  7. #7
    Join Date
    May 2001
    Posts
    53
    Originally posted by CipherVendor
    Your provider shouldn't charge you for DoS attacks, no matter how frequent. This is policy for many data centers.
    Can you tell us what providers don't charge for DoS attacks?

  8. #8
    Join Date
    Sep 2002
    Location
    Washington DC
    Posts
    2,514
    Originally posted by CipherVendor
    http://advanced.comms.agilent.com/Ro...l/JTC_018.html
    ah i see... name sounded familiar

  9. #9
    Originally posted by John1973

    Can you tell us what providers don't charge for DoS attacks?
    From personal experience:

    Tier 1
    -------
    Verio
    Telehouse
    Equinix
    Q9
    Groupe Telecom


    Tier 2
    -------
    HE
    NAC


    Between 95th percentile omitting spikes in traffic and the ability to pick up the phone and call the facility manager at the data center you are housed at, DoS attacks don't have to cost you a dime.
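
How 95th-percentile billing treats a traffic spike, as an added example that is not part of the original thread. It assumes one sample every 5 minutes, a 30-day month and a single measured direction; the 2 and 10 Mbit/s figures are constructed sample values.

```python
SAMPLES_PER_DAY = 24 * 60 // 5   # assumption: one rate sample every 5 minutes


def billable_mbps(samples):
    """95th percentile: sort, discard the top 5% of samples, bill the highest left."""
    ordered = sorted(samples)
    idx = (len(ordered) * 95 + 99) // 100 - 1   # integer ceil(0.95 * n) - 1
    return ordered[idx]


def month_with_attack(baseline, attack, attack_samples, days=30):
    """Constructed month: flat baseline plus attack traffic for attack_samples samples."""
    total = SAMPLES_PER_DAY * days
    return [baseline] * (total - attack_samples) + [attack] * attack_samples


def free_spike_budget(days=30):
    """Samples (and hours) per billing period that land in the discarded top 5%."""
    total = SAMPLES_PER_DAY * days
    dropped = total - (total * 95 + 99) // 100
    return dropped, dropped * 5 / 60


if __name__ == "__main__":
    samples, hours = free_spike_budget()
    print(f"discarded per month: {samples} samples = {hours} hours")
    # Attack time is cumulative over the month, not per incident.
    for n in (samples, samples + 1):
        rate = billable_mbps(month_with_attack(2, 10, n))
        print(f"{n} attack samples -> billed at {rate} Mbit/s")
```

The discarded window is shared by every spike in the billing period, so several shorter floods add up against the same budget.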

  10. #10
    Join Date
    Sep 2002
    Location
    Washington DC
    Posts
    2,514
    that's only if they are willing to filter traffic to your box :-/

  11. #11
    Originally posted by alapo
    that's only if they are willing to filter traffic to your box :-/
    I don't see why they wouldn't. Any facility can easily add access rules on the vlan interface connecting their distribution switch to your router/switch.

    If they won't do this for you, why are you paying them money?

  12. #12
    Join Date
    Sep 2002
    Location
    Washington DC
    Posts
    2,514
    For a box, and bandwidth, and power, and.... that kinda stuff

  13. #13
    Originally posted by alapo
    For a box, and bandwidth, and power, and.... that kinda stuff
    Exactly, the key word is bandwidth. Your data center should be willing to maintain their network's integrity by filtering out malicious traffic.

    Perhaps you should glance over your contract and/or their SLA looking for any clauses which cite denial of service attacks, etc.

  14. #14
    Join Date
    Sep 2002
    Location
    Washington DC
    Posts
    2,514
    yes i should do that and i will!

  15. #15
    Join Date
    Sep 2002
    Location
    Washington DC
    Posts
    2,514
    yes i should do that and i will!


    Behold the power of cheese!!

  16. #16
    Join Date
    Sep 2002
    Location
    Washington DC
    Posts
    2,514
    oops double posted lol

  17. #17
    Join Date
    Oct 2002
    Location
    Tampa, FL
    Posts
    42
    What kind of DoS attacks are you getting? If it's just the run of the mill icmp, get your provider to block it at their router. Blocking source address spoofed attacks is circa 1998 stuff.

  18. #18
    Join Date
    Sep 2002
    Location
    Washington DC
    Posts
    2,514
    The last one was fragmented UDP packets.

  19. #19
    Join Date
    Jan 2002
    Posts
    574
    Originally posted by CipherVendor
    One purpose of a firewall is to detect malicious traffic and reject it from your network. Thus your server will always appear offline to a DoS attack.

    Most basic firewalls have the ability to detect and block the following type of malicious traffic:

    SYN attack
    ICMP flood
    UDP flood
    Ping of death
    IP spoofing
    Port scan
    Land attack
    Tear drop attack
    IP address sweep attack
    WinNuke attack

    Search eBay for "firewall", you can probably pick up a decent Pix or Watch Guard for cheap.
    If you have a problem with some of the above attacks, maybe you should consider upgrading your OS... goodness, most of those have been patched for years.

    And, no, the purpose of a firewall isn't to detect malicious traffic, it is to BLOCK that traffic.

    Get a network intrusion detection system to 'detect' malicious attacks and tie that in with the firewall to block such addresses.

  20. #20
    Join Date
    Sep 2002
    Location
    Washington DC
    Posts
    2,514
    Um... the attack will still fill your pipe...

  21. #21
    Join Date
    Oct 2002
    Location
    Tampa, FL
    Posts
    42
    Originally posted by alapo
    Um... the attack will still fill your pipe...





    Get your uplink to filter fragmented UDP packets at their routers then..heh

  22. #22
    Join Date
    Sep 2002
    Location
    Washington DC
    Posts
    2,514
    did you read the whole discussion? :-/

  23. #23
    Join Date
    Oct 2002
    Location
    Tampa, FL
    Posts
    42
    Originally posted by alapo
    did you read the whole discussion? :-/

    Yeah..I thought we were talking about frag'd udp packets? Stuff like land and teardrop hasn't worked since win95/linux 2.0.29, and even at that it's only a few packets sent. So if you're filtered against icmp floods (smurf) and udp floods (fraggle), then you should be pretty good to go.
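
A sketch of how a filter or IDS can tell apart the traffic types named in this thread from IPv4 headers alone, as an added example that is not from any poster. It flags fragmented UDP, Land-style packets (source equals destination) and the overlapping fragment offsets that Teardrop relies on; the addresses are documentation ranges and every packet is constructed.

```python
import socket
import struct
from collections import defaultdict

IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def parse_ipv4(pkt):
    """Extract the fields needed for the Land and fragment checks."""
    vihl, _, total, ident, frag, _, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "id": ident, "proto": proto, "mf": bool(frag & 0x2000),
            "offset": (frag & 0x1FFF) * 8,          # fragment offset in bytes
            "length": total - (vihl & 0x0F) * 4}    # payload bytes in this packet

def classify(packets):
    """Return a set of (finding, source address) pairs."""
    findings, groups = set(), defaultdict(list)
    for raw in packets:
        p = parse_ipv4(raw)
        if p["src"] == p["dst"]:
            findings.add(("land", p["src"]))
        if p["mf"] or p["offset"]:                  # packet is a fragment
            if p["proto"] == 17:
                findings.add(("udp-fragment", p["src"]))
            key = (p["src"], p["dst"], p["id"], p["proto"])
            groups[key].append((p["offset"], p["offset"] + p["length"]))
    for key, spans in groups.items():
        end = 0
        for start, stop in sorted(spans):
            if start < end:                         # begins inside data already covered
                findings.add(("overlap", key[0]))
            end = max(end, stop)
    return findings

def make_pkt(src, dst, ident, offset, mf, size, proto=17):
    """Build a constructed header plus zero payload for the sample below."""
    frag = (0x2000 if mf else 0) | (offset // 8)
    return struct.pack(IP_HDR, 0x45, 0, 20 + size, ident, frag, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + bytes(size)

# Constructed sample using documentation address ranges.
SAMPLE = [
    make_pkt("198.51.100.7", "192.0.2.10", 1, 0, True, 24),    # normal fragment pair
    make_pkt("198.51.100.7", "192.0.2.10", 1, 24, False, 16),
    make_pkt("198.51.100.9", "192.0.2.10", 2, 0, True, 40),    # second fragment overlaps
    make_pkt("198.51.100.9", "192.0.2.10", 2, 24, False, 4),
    make_pkt("192.0.2.10", "192.0.2.10", 3, 0, False, 20, proto=6),  # source == destination
    make_pkt("198.51.100.20", "192.0.2.10", 4, 0, False, 32),  # unfragmented UDP
]
```

A retransmitted fragment also registers as an overlap here, so a production rule would compare the overlapping bytes before alerting.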
