Solved

How to prevent being victim to DOS attack?

Posted on 2003-11-15
936 Views
Last Modified: 2010-04-11
We had an issue on our network recently that was described as a DOS attack because someone was playing with a program and didn't realize what they were doing. My question is just how does a DOS attack work and how can you prevent it from taking down your network?
Question by:EmO
13 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9754304
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9754312
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9754322
 
LVL 9

Accepted Solution

by:
TooKoolKris earned 250 total points
ID: 9754404
DOS stands for Denial of Service, and it can be hard to protect against because it makes use of the fact that your computers are offering a service, or at least running some. It basically works through a person rendering a system unusable, or slowing a system down to a crawl, by overloading the resources so no one else can access them. It can happen because someone wants it to, or it can happen, as in your case, by accident. Just about every piece of equipment, PCs, routers and everything that has to process packets at some level, is vulnerable to DOS attacks. It's hard to protect against them; however, restricting access to critical accounts, resources, and files and protecting them from unauthorized users can help hinder many DOS attacks. If you are connected to the Internet there is always a chance that an attacker may send you more data than you are able to process.

Remember a little while back when Amazon and eBay and a bunch of other big sites claimed they were being attacked and you couldn't get to them for a while? This is what was happening to them, although that is more classified as a DDOS (distributed denial of service) because the attack was coming from more than just one machine.

In its simplest form a DOS can result from a barrage of ICMP echo replies, which is what caused the problem mentioned above. Someone had compromised many machines within a university's network. These machines were going out on that network and pinging all of the other machines continuously, but making it look as if those pings were coming from Yahoo. So when these machines were replying, "yea I'm here", they were doing so back to Yahoo.com. Now we're talking about hundreds of machines here, all continuously telling Yahoo that they were alive at the same time. Well, Yahoo couldn't process all of those packets quickly enough, so it was overflowing their receive buffer. It appeared that Yahoo was offline, but it was just too busy to answer your request for its webpage because it was processing all of those packets. Sometimes this can cause a machine to crash; sometimes it can just tie it up.

We used to have fun back in the NT4 days with similar programs, and pinging the NETBIOS ports would cause a machine to blue screen. This was before they fixed the problem with a service pack. Used to have tons of fun on AOL back when it was version 3 using similar toolz as well, lol.
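As an added illustration of the reflected ping flood described in this answer (example code written for this page, not posted by TooKoolKris): a small Python detector that runs over constructed flow records and flags echo replies a host never asked for when they arrive from many different sources within the same second. The log format, thresholds and all addresses are assumptions.

```python
from collections import defaultdict

# Constructed sample log (not real traffic): "<time> <src> <dst> icmp <type>",
# ICMP type 8 = echo request, type 0 = echo reply.  10.0.0.1 legitimately
# pings 10.0.0.2 once; eight 192.0.2.x hosts then send echo replies to
# 203.0.113.5, which never sent them a request (the spoofed-source pattern).
SAMPLE_LOG = ["1000.01 10.0.0.1 10.0.0.2 icmp 8",
              "1000.02 10.0.0.2 10.0.0.1 icmp 0"]
SAMPLE_LOG += [f"1000.{10 + i} 192.0.2.{i} 203.0.113.5 icmp 0" for i in range(1, 9)]


def parse(lines):
    """Yield (second, src, dst, icmp_type) for well-formed ICMP records."""
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[3] != "icmp":
            continue  # ignore non-ICMP or malformed lines
        yield int(float(parts[0])), parts[1], parts[2], int(parts[4])


def detect_reply_floods(lines, min_replies=5, min_sources=3):
    """Return [(second, dst, unsolicited_replies, distinct_sources), ...].

    An echo reply is unsolicited when the destination has not sent an echo
    request to that source earlier in the log.  Many unsolicited replies
    from many distinct hosts within one second is the reflected flood the
    accepted answer describes (the victim is the spoofed source address)."""
    requested = set()                 # (requester, target) pairs seen
    unsolicited = defaultdict(list)   # (second, dst) -> [src, src, ...]
    for sec, src, dst, icmp_type in parse(lines):
        if icmp_type == 8:
            requested.add((src, dst))
        elif icmp_type == 0 and (dst, src) not in requested:
            unsolicited[(sec, dst)].append(src)
    alerts = []
    for (sec, dst), srcs in sorted(unsolicited.items()):
        if len(srcs) >= min_replies and len(set(srcs)) >= min_sources:
            alerts.append((sec, dst, len(srcs), len(set(srcs))))
    return alerts


if __name__ == "__main__":
    for sec, dst, n, hosts in detect_reply_floods(SAMPLE_LOG):
        print(f"t={sec}: {n} unsolicited echo replies to {dst} from {hosts} hosts")
```

The legitimate 10.0.0.1/10.0.0.2 exchange is not reported because the request was seen first; only the unsolicited replies to 203.0.113.5 cross the thresholds.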
 
LVL 18

Expert Comment

by:chicagoan
ID: 9755122
As you've experienced, a DOS attack doesn't have to be malicious, come from the Internet or take advantage of a vulnerability.

There are two aspects to guarding the network, proactive and reactive.
The proactive aspects involve keeping things patched up, having policies and educating users, setting up firewalls and setting appropriate packet filters.
The reactive approach is network monitoring, usually done with SNMP and IDS. You need both intrusion detection and SNMP monitoring and alerting to be truly safe (but remember you're always one step behind the script kiddies.) The first monitors for known worms and other vulnerability probes; the second keeps an eye on network traffic rates, failed equipment and connections, and would have picked up a bad NIC, some goofball who set his laptop address to the broadcast address, rogue servers and wireless connections, misbehaving applications (and users), etc.
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9756099
One way to stop an attack would be to identify the ip addys, subnets or ports and use IPSEC policy to block the activity.
http://www.microsoft.com/serviceproviders/columns/using_ipsec.asp
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9757567
Were my links not useful at all?

Sunray
 
LVL 18

Expert Comment

by:chicagoan
ID: 9757608
lol
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 9758895
Well, if it's any consolation, I found your links to be informative, Sunray. How do you do one of those assists where you can split the points? Or I could just post some too, couldn't I?

EmO, did you not look at the web pages that were posted from sunray?
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9758908
Thanks TooKoolKris.. My idea is, if links can give information, what is the big deal, if it is going to be useful..

I think you should know this. You can post a link saying "points for sunray" and I can comment in that and you can accept my answer..

Sunray
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 9758910
 
LVL 18

Expert Comment

by:chicagoan
ID: 9759058