cbtech

asked on

Dealing with DDoS and other traffic attacks...

I know this is an age-old question, but I was wondering how people have dealt with DDoS attacks in the past on various architectures?
Keravi

Hello cbtech!

Well, the best thing is to check with your ISP to see if they offer support for their customers when experiencing a DDoS attack. It will be most effective if they (your ISP) can block the offending traffic before it is even routed to your network. If they can't do this, then you will still 'see' all of the traffic and have to deal with it, meaning you'll still get DoS'd as all of your bandwidth will be taken (referring to a flood-type attack where the intent is to use all of your bandwidth).

If you want to know the technical side of things, you could check Cisco (http://www.cisco.com/warp/public/707/newsflash.html for example) and other router vendors, as they have many different resources on what happens and how to prevent the various types of DDoS attacks.

The site (http://www.denialinfo.com/) has some very good links to sites that describe the various defense and incident response strategies that are used to combat DDoS attacks.

An important thing to remember is that you don't just want to protect against DDoS attacks coming into your network; you also want to protect against being an unwilling participant in a DDoS. That is, you don't want to find that your systems have been infected with software that is actively attacking your Internet neighbors!
1) Do not network. Keep the server off the cable. (Seriously, it can be done and is.)

2) Be anonymous. If you do not have a requirement for a specific name or address, then do not set one up to cater to mere vanity. Generally, servers need it; workstations/desktops do not.

2a) No tell. Do not brag about yourself, leaving identity traces all over the place, even if they do offer freebies or rewards for eating hamburger #1,000,000.

3) Upgrade. For any kind of attack, odds are good that it is due to some flaw that is being exploited, and there is a fix around, and anyone who has performed all of their upgrades will never be affected.

4) Firewall. Hardware is better, but no firewall is the end-all. For plain consumers, they are doing well enough by running freeware products such as ZoneAlarm, which can also block malware from leaving your system.

5) Use a good ISP, but do not count on them. The better ones now do not allow customers to run malware for long, telling them to upgrade or goodbye.

6) At home, use dial-up instead of a direct connection. It is like #2, making you a little more transparent and harder to abuse for long.

7) Disconnect abusers. If someone participates in an attack but does not know they are a surrogate, too bad; kick them out anyway until they get with the program and upgrade properly.

8) No loaners. Don't let anyone or anything 'borrow' your computer for any reason if you want to maintain security. If another has used it, rebuild it from scratch to lock it down again.

9) Switch to Unices; any version of Unix is better at this than the popular brand.

10) Never run anything that you have not purchased and have a guarantee for, and know how to run and what it is supposed to do. Keep it simple. Nothing strange should be running.
I'd sure agree with some of your response, SunBow, but it's kinda dangerous to say that "anyone who has performed all of their upgrades will never be affected".

Take zero-day events: they are generally, by their very nature, exploits that have been found to be usable, and an attack is launched before software vendors and AV people even know about it. Believe me, having experienced it, it isn't pleasant!

Certainly for a major network, the best form of defence is to ensure that your router and firewall configs only allow known traffic, and then only on permitted ports. Block by default, NOT the other way around.

Paul.
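A concrete form of the "block by default" advice above, combined with Keravi's point about not becoming an unwilling participant, as an added example that is not from any of the posters: a default-deny nftables ruleset for a Linux host that serves HTTP/HTTPS and is managed over SSH. The admin network 192.0.2.0/24, the service ports and the log prefixes are assumptions; adjust them to the host in question.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the thread). Assumed: web server on 80/443,
# SSH only from the admin net 192.0.2.0/24, host does not route.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;   # block by default

        iif "lo" accept                                   # loopback
        ct state established,related accept              # replies to our own traffic
        ct state invalid drop

        # Only the services actually run here, and only on their ports
        tcp dport { 80, 443 } accept
        ip saddr 192.0.2.0/24 tcp dport 22 accept         # SSH from the admin net only

        # Enough ICMP for path MTU discovery and diagnostics, rate limited
        ip protocol icmp icmp type { echo-request, destination-unreachable, time-exceeded } limit rate 10/second accept
        ip6 nexthdr icmpv6 icmpv6 type { echo-request, destination-unreachable, packet-too-big, time-exceeded, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Everything else falls through to the drop policy; log a sample of it
        limit rate 5/minute log prefix "nft-drop-in: "
    }

    chain forward {
        type filter hook forward priority 0; policy drop; # this host does not forward
    }

    chain output {
        type filter hook output priority 0; policy drop;  # egress is default-deny too

        oif "lo" accept
        ct state established,related accept

        # Only the outbound traffic the host legitimately needs. A compromised
        # process trying to flood a third party on any other port is dropped
        # and shows up in the log instead of reaching the neighbour.
        udp dport 53 accept                               # DNS
        tcp dport 53 accept
        udp dport 123 accept                              # NTP
        tcp dport { 80, 443 } accept                      # package updates
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        limit rate 5/minute log prefix "nft-drop-out: "
    }
}
```

Load it with `nft -f` and watch the two log prefixes; note that, as Keravi says, this does nothing for a flood that has already saturated the upstream link, which only the ISP can stop.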
ASKER CERTIFIED SOLUTION
PeteLee-PortlandOregon
