Solved

How to prevent being victim to DOS attack?

Posted on 2003-11-15
Last Modified: 2010-04-11
We had an issue on our network recently that was described as a DOS attack because someone was playing with a program and didn't realize what they were doing. My question is just how does a DOS attack work and how can you prevent it from taking down your network?
0
Question by:EmO
13 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9754304
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9754307
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9754312
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9754322
0
 
LVL 9

Accepted Solution

by:
TooKoolKris earned 250 total points
ID: 9754404
DOS stands for Denial of Service, and it can be hard to protect against these attacks because they make use of the fact that your computers are offering a service or at least running some. It basically works through a person rendering a system unusable or slowing down a system to a crawl by overloading the resources so no one else can access them. It can happen because someone wants it to, or it can happen, as in your case, by accident. Just about every piece of equipment (PCs, routers, and everything that has to process packets at some level) is vulnerable to DOS attacks. It’s hard to protect against them; however, restricting access to critical accounts, resources, and files and protecting them from unauthorized users can help hinder many DOS attacks. If you are connected to the Internet there is always a chance that an attacker may send you too much data that you are not able to process.

Remember a little while back when Amazon and eBay and a bunch of other big sites claimed they were being attacked and you couldn’t get to them for a while? This is what was happening to them, although that is more classified as a DDOS (distributed denial of service) because the attack was coming from more than just one machine.

In its simplest form a DOS can result from a barrage of ICMP echo replies, which is what caused the problem mentioned above. Someone had compromised many machines within a university’s network. These machines were going out on that network and pinging all of the other machines continuously but making it look as if those pings were coming from Yahoo. So when these machines were replying, “Yeah, I’m here,” they were doing so back to Yahoo.com. Now we’re talking about hundreds of machines here, all continuously telling Yahoo that they were alive at the same time. Well, Yahoo couldn’t process all of those packets quickly enough, so it was overflowing their receive buffer. It appeared that Yahoo was offline, but it was just too busy to answer your request for its webpage because it was processing all of those packets. Sometimes this can cause a machine to crash; sometimes it can just tie it up.

We used to have fun back in the NT4 days with similar programs and pinging the NETBIOS ports would cause a machine to blue screen. This was before they fixed the problem with a service pack. Used to have tons of fun on AOL back when it was version 3 using similar toolz as well, lol.
0
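A defender-side view of the echo-reply flood described in the answer above, as an added example that is not part of the original post: the target sees ICMP echo replies from many hosts it never pinged, so replies with no matching request are the signal. The packet tuples, function names, thresholds and addresses (documentation ranges) are constructed for illustration.

```python
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8   # ICMP type numbers

def unsolicited_reply_sources(packets, match_window=5.0):
    """Return {receiver_ip: {sender_ip, ...}} for echo replies that answer no request.

    packets: time-ordered iterable of (timestamp, src_ip, dst_ip, icmp_type).
    A reply is solicited only if its receiver sent an echo request to the
    replying host within match_window seconds before the reply arrived.
    """
    last_request = {}                  # (requester, target) -> time of last request
    unsolicited = defaultdict(set)
    for ts, src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST:
            last_request[(src, dst)] = ts
        elif icmp_type == ECHO_REPLY:
            asked = last_request.get((dst, src))
            if asked is None or ts - asked > match_window:
                unsolicited[dst].add(src)
    return dict(unsolicited)

def flood_victims(packets, min_sources=3, match_window=5.0):
    """Hosts receiving unsolicited replies from at least min_sources distinct senders."""
    hits = unsolicited_reply_sources(packets, match_window)
    return sorted(ip for ip, srcs in hits.items() if len(srcs) >= min_sources)

# Constructed sample capture (not real traffic).
SAMPLE = [
    (0.0, "192.0.2.10", "198.51.100.7", ECHO_REQUEST),  # ordinary ping
    (0.1, "198.51.100.7", "192.0.2.10", ECHO_REPLY),    # its answer: solicited
    (1.0, "203.0.113.21", "192.0.2.80", ECHO_REPLY),    # .80 never sent a request
    (1.0, "203.0.113.22", "192.0.2.80", ECHO_REPLY),
    (1.1, "203.0.113.23", "192.0.2.80", ECHO_REPLY),
    (1.1, "203.0.113.24", "192.0.2.80", ECHO_REPLY),
    (9.0, "198.51.100.7", "192.0.2.10", ECHO_REPLY),    # far too late to match
]

if __name__ == "__main__":
    print(flood_victims(SAMPLE))
```

Counting distinct senders rather than packets keeps a single stray or late reply from raising an alert while still catching many hosts answering at once.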
 
LVL 18

Expert Comment

by:chicagoan
ID: 9755122
As you've experienced, a DOS attack doesn't have to be malicious, come from the internet or take advantage of a vulnerability.

There are two aspects in guarding the network, proactive and reactive.
The proactive aspects involve keeping things patched up, having policies and educating users, setting up firewalls and setting appropriate packet filters.
The reactive approach is network monitoring, usually done with SNMP and IDS. You need both Intrusion Detection and SNMP monitoring and alerting to be truly safe (but remember you're always one step behind the script kiddies). The first monitors for known worms and other vulnerability probes, the second keeps an eye on network traffic rates, failed equipment and connections and would have picked up a bad NIC, some goofball who set his laptop address to the broadcast address, rogue servers and wireless connections, misbehaving applications (and users), etc.
0
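The traffic-rate side of the SNMP monitoring mentioned in the comment above, as an added example that is not part of the original post: it turns periodic polls of a 32-bit interface octet counter (such as IF-MIB `ifInOctets`) into bits per second, handles the counter wrapping past 2^32, and flags polls far above the recent baseline. The poll values, function names and thresholds are constructed; fetching the counter over SNMP is assumed to happen elsewhere.

```python
from statistics import median

COUNTER32_MOD = 2 ** 32   # a Counter32 wraps to 0 after 4294967295

def rates_bps(samples):
    """Convert time-ordered (seconds, octet_counter) polls into (seconds, bits/sec).

    The modulo handles one counter wrap between two polls; polling must be
    frequent enough that the counter cannot wrap twice in one interval.
    """
    out = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        delta = (c1 - c0) % COUNTER32_MOD
        out.append((t1, delta * 8 / (t1 - t0)))
    return out

def rate_alerts(samples, factor=5.0, history=4):
    """Flag polls whose rate exceeds factor x the median of recent normal rates.

    Flagged rates are kept out of the baseline, so a sustained flood keeps
    alerting instead of becoming the new normal.
    """
    alerts, normal = [], []
    for t, bps in rates_bps(samples):
        if len(normal) >= history and bps > factor * median(normal[-history:]):
            alerts.append((t, bps))
        else:
            normal.append(bps)
    return alerts

# Constructed 60-second polls: about 1 Mbit/s normally, one counter wrap
# at t=120, then two intervals at 10 Mbit/s.
POLLS = [
    (0,   4_280_000_000),
    (60,  4_287_500_000),
    (120, 32_704),          # counter wrapped past 2**32 here
    (180, 7_532_704),
    (240, 15_032_704),
    (300, 90_032_704),      # surge begins
    (360, 165_032_704),
    (420, 172_532_704),     # back to normal
]

if __name__ == "__main__":
    for t, bps in rate_alerts(POLLS):
        print(f"t={t}s rate={bps / 1e6:.1f} Mbit/s exceeds baseline")
```

Without the wrap handling, the poll at t=120 would produce a large negative delta and either a false alarm or a corrupted baseline.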
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9756099
One way to stop an attack would be to identify the IP addys, subnets or ports and use IPSEC policy to block the activity.
http://www.microsoft.com/serviceproviders/columns/using_ipsec.asp
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9757567
Were none of my links useful at all?

Sunray
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9757608
lol
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 9758895
Well, if it's any consolation, I found your links to be informative, Sunray. How do you do one of those assists where you can split the points? Or I could just post some too, couldn't I?

EmO, did you not look at the web pages that were posted from sunray?
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9758908
Thanks TooKoolKris. My idea is, if links can give information, what is the big deal if it is going to be useful?

I think you should know this. You can post a link saying "points for sunray" and I can comment in that and you can accept my answer.

Sunray
0
 
LVL 9

Expert Comment

by:TooKoolKris
ID: 9758910
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9759058
0
