Dealing with DDOS and other traffic attacks...

I know this is an age old question, but I was wondering how people have dealt with DDOS attacks in the past on various architectures?
PeteLee-PortlandOregon commented:
1) DEFINITELY patch your server OS.  This is one of the single biggest reasons why so many Windows servers are vulnerable--people aren't aware of the importance of security updates.

I'd also note that UNIX servers (Linux, BSD, Solaris, etc.) have similar patching requirements.  Perhaps not as often, but it's no less important.

2) I'm leery of ZoneAlarm--it can have rather adverse effects on system stability.  I'm also skeptical of running a software firewall that may not protect your server against attacks that are lower down on the OSI stack (i.e., Layer 3, IP).

3) Get a hardware firewall, enable NAT, and learn to configure it properly.  For home use, there are plenty of decent brands out there (Linksys, Netgear, etc.).

If you're a small business that can't afford to spend a lot, the Kentrox Q-Series router is worth a look.  It's relatively inexpensive, and has an Intrusion Detection System built in that can dynamically respond to DoS attacks and the like.  There are other options as well (SonicWall is another).

4) Security through obscurity is a myth.  The IP address I use for my home connection is regularly the subject of port scans.  Just because you don't have a domain name doesn't mean that they won't find you.
Hello cbtech!

Well the best thing is to check with your ISP to see if they offer support for their customers when experiencing a DDoS attack. It will be most effective if they (your ISP) can block the offending traffic before it even is routed to your network. If they can't do this, then you will still 'see' all of the traffic and have to deal with it, meaning you'll still get DoS'd as all of your bandwidth will be taken (referring to a flood type attack where the intent is to use all of your bandwidth).

If you are wanting to know the technical side of things you could check Cisco (for example) and other router vendors as they have many different resources on what happens and how to prevent the various types of DDoS attacks.

The site ( has some very good links to sites that describe the various defense and incident response strategies that are used to combat DDoS attacks.

An important thing to remember is that you don't just want to protect against DDoS attacks coming into your network, but also you want to protect against being an unwilling participant in a DDoS, that is, you don't want to find that your systems have been infected with software that is actively attacking your Internet neighbors!
1) Do not network. Keep server off the cable. (seriously, it can be done and is)

2) Be anonymous.  If you do not have requirement for specific name or address, then do not set one up to cater to mere vanity.  Generally, servers need it, workstations/desktops do not.

2a) NoTell.  Do not brag about yourself leaving identity traces all over the place even if they do offer freebies or rewards for eating hamburger # 1,000,000

3) Upgrade.  For any kind of attack, odds are good that it is due to some flaw that is being exploited, and there is a fix around, and anyone who has performed all of their upgrades will never be affected.

4) Firewall. Hardware is better, but no firewall is end all. For plain consumers, they are doing well enough by running freeware products such as ZoneAlarm, which can also block malware from leaving your system.

5) Use good ISP, but do not count on them.  The better ones now do not allow customers to run malware for long, telling them to upgrade or goodbye.

6) at home, use dial up instead of direct connect. It is like #2, making you a little more transparent and harder to abuse for long.

7) Disconnect abusers. If someone participates in attack, but does not know they are surrogate, too bad, kick them out anyway until they get with the program and upgrade properly.

8) No Loaners.  Don't let anyone or anything 'borrow' your computer for any reason if you want to maintain security. If another has used it, rebuild it from scratch to lock it down again.

9) switch to unice, any version of unix is better at this than the popular brand

10) Never run anything that you have not purchased and have a guarantee for, and know how to run and what it is supposed to do. Keep it simple. Nothing strange should be running.
I'd sure agree with some of your response, SunBow, but it's kinda dangerous to say that "anyone who has performed all of their upgrades will never be affected".

Take Zero Day events - they are generally, by their very nature, exploits that have been found to be usable and an attack is launched before software vendors and AV people even know about it.  Believe me, having experienced it, it isn't pleasant!

Certainly for a major network, the best form of defence is to ensure that your router and firewall configs only allow known traffic and then only on permitted ports. Block by default - NOT the other way around.
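As an added example that is not from any of the replies above: a small POSIX shell generator for a default-deny nftables ruleset of the kind the last reply describes (drop by default, accept only listed ports), with an outbound rate limit that addresses the earlier point about not becoming an unwilling DDoS participant. The port list, rate values, log prefixes and the `nft -c` check in the usage comment are assumptions, not something from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): emit a default-deny nftables ruleset
# for a host that should only expose a known set of TCP ports.
# Usage: gen_ruleset "22 80 443" > /tmp/fw.nft && nft -c -f /tmp/fw.nft
# (nft -c only parses/validates; load with "nft -f" once reviewed.)

gen_ruleset() {
    ports="$1"   # space-separated TCP ports to allow inbound (assumption)
    cat <<'EOF'
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    iif lo accept
    ip protocol icmp limit rate 10/second accept
    ip6 nexthdr icmpv6 accept
EOF
    # One rule per permitted port; new connections are rate-limited so a
    # SYN flood against a permitted port cannot consume the whole host.
    for p in $ports; do
        printf '    tcp dport %s ct state new limit rate 50/second burst 100 packets accept\n' "$p"
    done
    cat <<'EOF'
    log prefix "fw-drop: " drop
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
  }
  chain output {
    type filter hook output priority 0; policy accept;
    # If this host starts spraying new connections, log and drop the excess:
    # a compromised box should not be able to flood its Internet neighbours.
    ct state new meter out_flood { ip saddr limit rate over 200/second } log prefix "egress-flood: " drop
  }
}
EOF
}

# Helper for self-checking: number of per-port accept rules generated.
count_port_rules() {
    gen_ruleset "$1" | grep -c 'tcp dport'
}
```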
