What type of firewall do i need to stop DOS attacks?

I operate a wireless ISP (WLAN) and have a fiber-optic backbone that provides service to a couple hundred subscribers. A few months ago, my provider (Surewest) called to tell me about a DOS attack that was coming through on my ip address. I use a Linksys RV016 router, which handled the traffic on the network very well prior to the DOS attack. Now, the DOS attack is overwhelming the router and causing a degredation in performance on my WLAN.
I know the attack is coming from the outside and the Linksys hardware firewall is doing okay, but i want to keep the attack from even getting to the router. I was looking at getting a Sonic Firewall, but my provider said that may stop some but it still may not be able to completely prevent the attack from overwhelming the router.
Is there a solution that anyone can recommend to prevent DOS attacks from overwhelming the router?

FYI- I do have public ip addresses and i use NAT. Ive tried to configure the firewall to "deny" certain port access and leaving just the basic ones open, like 80, 8080, etc. HOwever, it didnt seem to stop the attack. For example, in the log: "connection refused - policy violation TCP 71.115.41.177:50554->66.60.152.66:51413 on ixp1" and these happen every second, from some different ip -> to the same 66.60.152.66: something.

Any insight would be greatly appreciated.
SkyHi_BillAsked:
Who is Participating?
 
ee_autoCommented:
Question PAQ'd, 500 points not refunded, and stored in the solution database.
0
 
OriNetworksCommented:
If you have a Cisco device you can read this guide from Cisco http://www.cisco.com/en/US/tech/tk59/technologies_white_paper09186a0080174a5b.shtml

Additionally, I know that Microsofts ISA 2006 can detect dos attacks and block traffic from those ip addresses temporarily.
0
 
ccsistaffCommented:
What you need is deep packet inspection, also referred to as Intrusion Prevention System (IPS).  Cisco units can offer this feature using their Intrusion Prevention System (IPS) in either the ASA firewall line or the Cisco IOS Router with Firewall Feature Set.  The IOS and ASA offer IPS capabilities, but you'll want to load the device with as much RAM as you can because IPS features will eat as much of it as it can and has been known to crash the firewall if too many signatures are active.  SonicWALL has similar features with their IPS implementation.  In either case you'll need to pay a yearly subscription to keep up the signature updates.  Using IPS you can configure violations to drop, reset, or alert a logging server.  If you're providing ISP services to companies, it would be worth your while to monitor your firewall for attacks like this.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
netwhwCommented:
Shouldnt Surewest block this attack for you ?
They should be able to block the packets even before reaching your border router, of course depends on how BIG is this attack...
Anyway getting better equipement is a must have ...
0
 
rsivanandanCommented:
Any firewall with stateful inspection properties would prevent the DOS for you. Now what it means is the firewall will take the hit. Look for TCP sync cookie in google for more information.

Cheers,
Rajesh
0
 
Mohamed OsamaSenior IT ConsultantCommented:
In addition to the above advice,I wish to add that your provider may be correct to some extent, sometimes you can not stop or recover from DOS attacks 100% without disrupting your service, if the attacks were executed properly , there are some advanced DDOS attacks, that if executed by attackers on a large scale could take down pretty much any host, something like distributed reflected denial of service (DRDOS) comes to mind, I have only seen this exploited by attackers twice , but I assure you it is happening, so as advised above one can only do as much, practice due diligence , invest in Infrastructure upgrades, optimize firewalls & IPS rules ,hire security professionals,etc.. .
further reading below
http://staff.washington.edu/dittrich/misc/ddos/
http://palisade.plynt.com/issues/2006Apr/ddos-reflection/
hope this helps.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.