Dealing with DDOS and other traffic attacks...

Posted on 2004-09-16
Medium Priority
Last Modified: 2010-04-11
I know this is an age old question, but I was wondering how people have dealt with DDOS attacks in the past on various architectures?
Question by:cbtech
Expert Comment

ID: 12074937
Hello cbtech!

Well, the best thing is to check with your ISP to see if they offer support for their customers when experiencing a DDoS attack. It will be most effective if they (your ISP) can block the offending traffic before it is even routed to your network. If they can't do this, then you will still 'see' all of the traffic and have to deal with it, meaning you'll still get DoS'd as all of your bandwidth will be taken (referring to a flood-type attack where the intent is to use all of your bandwidth).

If you want to know the technical side of things, you could check Cisco (http://www.cisco.com/warp/public/707/newsflash.html for example) and other router vendors, as they have many different resources on what happens and how to prevent the various types of DDoS attacks.

The site (http://www.denialinfo.com/) has some very good links to sites that describe the various defense and incident response strategies that are used to combat DDoS attacks.

An important thing to remember is that you don't just want to protect against DDoS attacks coming into your network; you also want to protect against being an unwilling participant in a DDoS. That is, you don't want to find that your systems have been infected with software that is actively attacking your Internet neighbors!

Expert Comment

ID: 12079693
1) Do not network. Keep server off the cable. (seriously, it can be done and is)

2) Be anonymous.  If you do not have a requirement for a specific name or address, then do not set one up to cater to mere vanity.  Generally, servers need it; workstations/desktops do not.

2a) NoTell.  Do not brag about yourself, leaving identity traces all over the place, even if they do offer freebies or rewards for eating hamburger #1,000,000.

3) Upgrade.  For any kind of attack, odds are good that it is due to some flaw that is being exploited, and there is a fix around, and anyone who has performed all of their upgrades will never be affected.

4) Firewall.  Hardware is better, but no firewall is the end-all.  For plain consumers, they are doing well enough by running freeware products such as ZoneAlarm, which can also block malware from leaving your system.

5) Use a good ISP, but do not count on them.  The better ones now do not allow customers to run malware for long, telling them to upgrade or goodbye.

6) At home, use dial-up instead of direct connect.  It is like #2, making you a little more transparent and harder to abuse for long.

7) Disconnect abusers.  If someone participates in an attack but does not know they are a surrogate, too bad; kick them out anyway until they get with the program and upgrade properly.

8) No Loaners.  Don't let anyone or anything 'borrow' your computer for any reason if you want to maintain security. If another has used it, rebuild it from scratch to lock it down again.

9) Switch to Unices.  Any version of Unix is better at this than the popular brand.

10) Never run anything that you have not purchased and have a guarantee for, and know how to run and what it is supposed to do.  Keep it simple.  Nothing strange should be running.

Expert Comment

ID: 12131341
I'd sure agree with some of your response, SunBow, but it's kinda dangerous to say that "anyone who has performed all of their upgrades will never be affected".

Take zero-day events: they are generally, by their very nature, exploits that have been found to be usable, and an attack is launched before software vendors and AV people even know about it.  Believe me, having experienced it, it isn't pleasant!

Certainly for a major network, the best form of defence is to ensure that your router and firewall configs only allow known traffic and then only on permitted ports. Block by default - NOT the other way around.


Accepted Solution

PeteLee-PortlandOregon earned 1000 total points
ID: 12137908
1) DEFINITELY patch your server OS.  This is one of the single biggest reasons why so many Windows servers are vulnerable: people aren't aware of the importance of security updates.

I'd also note that UNIX servers (Linux, BSD, Solaris, etc.) have similar patching requirements.  Perhaps not as often, but it's no less important.

2) I'm leery of ZoneAlarm--it can have rather adverse effects on system stability.  I'm also skeptical of running a software firewall that may not protect your server against attacks that are lower down on the OSI stack (i.e., Layer 3, IP).

3) Get a hardware firewall, enable NAT, and learn to configure it properly.  For home use, there are plenty of decent brands out there (Linksys, Netgear, etc.).

If you're a small business that can't afford to spend a lot, the Kentrox Q-Series router is worth a look.  It's relatively inexpensive, and has an Intrusion Detection System built in that can dynamically respond to DoS attacks and the like.  There are other options as well (SonicWall is another).

4) Security through obscurity is a myth.  The IP address I use for my home connection is regularly the subject of port scans.  Just because you don't have a domain name doesn't mean that they won't find you.
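
The block-by-default router/firewall configuration recommended two comments up, the "don't be an unwilling participant" point in the first reply, and the hardware-firewall-plus-NAT advice in the accepted solution, carried out as one nftables ruleset. This is an added example, not code from anyone in the thread: it is a small POSIX shell script that generates the ruleset text for a two-interface router. The interface names (eth0/eth1), the 192.168.1.0/24 LAN prefix and the port list are assumed inputs supplied by the caller, and the SYN and ping rate-limit figures are illustrative, not tuned values.

```shell
#!/bin/sh
# Added example (not from the original thread): print a default-deny
# nftables ruleset for a small router that
#   (a) admits only the listed TCP services from the WAN (block by default),
#   (b) rate-limits inbound SYNs so a flood does not fill the conntrack table,
#   (c) refuses to forward spoofed packets from the LAN, so an infected host
#       behind this router cannot join a spoofed-source DDoS,
#   (d) masquerades the LAN behind the WAN address (NAT).
# Nothing is applied to the kernel: the text is meant to be saved and then
# checked with 'nft -c -f FILE' before loading it with 'nft -f FILE'.
# All interface names, prefixes and ports are caller-supplied assumptions.

# valid_port NUMBER: succeed only if NUMBER is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_ruleset WAN_IF LAN_IF LAN_CIDR TCP_PORTS
# TCP_PORTS is comma separated, e.g. "22,443". Prints the ruleset on stdout;
# fails (non-zero exit, nothing printed) if any port is malformed.
gen_ruleset() {
    wan="$1"; lan="$2"; lan_cidr="$3"; ports="$4"
    for p in $(printf '%s' "$ports" | tr ',' ' '); do
        valid_port "$p" || { echo "gen_ruleset: bad port '$p'" >&2; return 1; }
    done
    set_list=$(printf '%s' "$ports" | sed 's/,/, /g')
    cat <<EOF
#!/usr/sbin/nft -f
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state invalid drop
        ct state established,related accept
        # Ingress anti-spoofing: a WAN packet claiming a LAN source is forged.
        iif "$wan" ip saddr $lan_cidr drop
        # SYN-flood damping: new-connection attempts above the rate are dropped.
        iif "$wan" tcp flags & (fin|syn|rst|ack) == syn limit rate over 50/second burst 100 packets drop
        # Only the services we publish, only on their ports, from the WAN.
        iif "$wan" tcp dport { $set_list } ct state new accept
        # The LAN may reach the router itself; allow a trickle of ping.
        iif "$lan" accept
        icmp type echo-request limit rate 5/second accept
        # Everything else falls through to the drop policy above.
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept
        # Egress anti-spoofing: LAN hosts may only send from LAN addresses.
        iif "$lan" ip saddr != $lan_cidr drop
        iif "$lan" oif "$wan" accept
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oif "$wan" masquerade
    }
}
EOF
}

# Stand-alone use: sh gen_rules.sh eth0 eth1 192.168.1.0/24 22,443 > /etc/nftables.conf
if [ $# -eq 4 ]; then
    gen_ruleset "$@"
fi
```

Run `nft -c -f /etc/nftables.conf` first; it parses the file without touching the live ruleset, which is the check you want before cutting over a remote box. Note what this does and does not buy you: it stops the router from passing spoofed traffic, caps connection-table exhaustion, and exposes only the ports you chose, but a flood that saturates the upstream link is still saturating it when it reaches these rules, which is why the first reply's advice to get the ISP to filter upstream still stands.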
