Solved

Dealing with DDOS and other traffic attacks...

Posted on 2004-09-16
Last Modified: 2010-04-11
I know this is an age-old question, but I was wondering how people have dealt with DDOS attacks in the past on various architectures?
Question by: cbtech
4 Comments
 
LVL 1

Expert Comment

by: Keravi
Hello cbtech!

Well, the best thing is to check with your ISP to see if they offer support for their customers when experiencing a DDoS attack. It will be most effective if they (your ISP) can block the offending traffic before it is even routed to your network. If they can't do this, then you will still 'see' all of the traffic and have to deal with it, meaning you'll still get DoS'd as all of your bandwidth will be taken (referring to a flood-type attack where the intent is to use all of your bandwidth).

If you are wanting to know the technical side of things you could check Cisco (http://www.cisco.com/warp/public/707/newsflash.html for example) and other router vendors as they have many different resources on what happens and how to prevent the various types of DDoS attacks.

The site (http://www.denialinfo.com/) has some very good links to sites that describe the various defense and incident response strategies that are used to combat DDoS attacks.

An important thing to remember is that you don't just want to protect against DDoS attacks coming into your network, but also you want to protect against being an unwilling participant in a DDoS, that is, you don't want to find that your systems have been infected with software that is actively attacking your Internet neighbors!
 
LVL 24

Expert Comment

by: SunBow
1) Do not network. Keep server off the cable. (seriously, it can be done and is)

2) Be anonymous.  If you do not have requirement for specific name or address, then do not set one up to cater to mere vanity.  Generally, servers need it, workstations/desktops do not.

2a) NoTell.  Do not brag about yourself leaving identity traces all over the place even if they do offer freebies or rewards for eating hamburger # 1,000,000

3) Upgrade.  For any kind of attack, odds are good that it is due to some flaw that is being exploited, and there is a fix around, and anyone who has performed all of their upgrades will never be affected.

4) Firewall. Hardware is better, but no firewall is end all. For plain consumers, they are doing well enough by running freeware products such as zonealarm, which can also block malware from leaving your system

5) Use good ISP, but do not count on them.  The better ones now do not allow customers to run malware for long, telling them to upgrade or goodbye

6) At home, use dial-up instead of direct connect. It is like #2, making you a little more transparent and harder to abuse for long.

7) Disconnect abusers. If someone participates in attack, but does not know they are surrogate, too bad, kick them out anyway until they get with the program and upgrade properly.

8) No Loaners.  Don't let anyone or anything 'borrow' your computer for any reason if you want to maintain security. If another has used it, rebuild it from scratch to lock it down again.

9) Switch to unices; any version of unix is better at this than the popular brand.

10) Never run anything that you have not purchased and have a guarantee for, and know how to run and what it is supposed to do. Keep it simple. Nothing strange should be running.
 

Expert Comment

by: pkwatson
I'd sure agree with some of your response, SunBow, but it's kinda dangerous to say that "anyone who has performed all of their upgrades will never be affected".

Take Zero Day events - they are generally, by their very nature, exploits that have been found to be usable and an attack is launched before software vendors and AV people even know about it.  Believe me, having experienced it, it isn't pleasant!

Certainly for a major network, the best form of defence is to ensure that your router and firewall configs only allow known traffic and then only on permitted ports. Block by default - NOT the other way around.

Paul.
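A minimal default-deny ruleset of the kind Paul describes (block everything, then permit known traffic on permitted ports), written here as an added example rather than anything posted in the thread. It assumes nftables on a single Linux server exposing only SSH, HTTP and HTTPS; the ports, rate limits and outbound allowances are placeholders to adjust.

```nft
# Added example (not from the thread). Default-deny on every hook;
# only explicitly listed traffic is accepted.
flush ruleset

table inet filter {
    chain input {
        # Policy drop: anything not accepted below is silently discarded.
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Aggregate (not per-source) ceiling on new connections, so a flood
        # degrades into dropped packets instead of exhausting the server.
        ct state new limit rate over 50/second burst 100 packets drop

        # Permitted services only (assumed: SSH, HTTP, HTTPS).
        tcp dport { 22, 80, 443 } ct state new accept

        # Keep ping working, but bounded; IPv6 needs neighbour discovery.
        icmp type echo-request limit rate 5/second accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    }

    chain forward {
        # This host is not a router; forward nothing.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # Egress is also default-deny, so a compromised host cannot quietly
        # become an "unwilling participant" in someone else's DDoS.
        type filter hook output priority 0; policy drop;

        oifname "lo" accept
        ct state established,related accept
        udp dport { 53, 123 } accept          # DNS, NTP
        tcp dport { 53, 80, 443 } accept      # DNS over TCP, package updates
        meta l4proto { icmp, icmpv6 } accept
    }
}
```

Load it with `nft -f` and confirm with `nft list ruleset`; the `policy drop` lines are the "block by default" part, everything else is the permit list.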
 

Accepted Solution

by: PeteLee-PortlandOregon (earned 250 total points)
1) DEFINITELY patch your server OS.  This is one of the single biggest reasons why so many Windows servers are vulnerable--people aren't aware of the importance of security updates.

I'd also note that UNIX servers (Linux, BSD, Solaris, etc.) have similar patching requirements.  Perhaps not as often, but it's no less important.

2) I'm leery of ZoneAlarm--it can have rather adverse effects on system stability.  I'm also skeptical of running a software firewall that may not protect your server against attacks that are lower down on the OSI stack (i.e., Layer 3, IP).

3) Get a hardware firewall, enable NAT, and learn to configure it properly.  For home use, there are plenty of decent brands out there (Linksys, Netgear, etc.).

If you're a small business that can't afford to spend a lot, the Kentrox Q-Series router is worth a look.  It's relatively inexpensive, and has an Intrusion Detection System built in that can dynamically respond to DoS attacks and the like.  There are other options as well (SonicWall is another).

4) Security through obscurity is a myth.  The IP address I use for my home connection is regularly the subject of port scans.  Just because you don't have a domain name doesn't mean that they won't find you.