Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to block a Chargen DrDoS attack?

Posted on 2014-03-27
4
1,410 Views
Last Modified: 2014-03-28
Our organization is getting hit by Chargen DrDoS attacks.  We tried blocking port 19, but that did not help.  We have an ASA 5510, what do we need to do to stop this?
0
Comment
Question by:bpl5000
  • 2
4 Comments
 
LVL 10

Accepted Solution

by:
0xSaPx0 earned 250 total points
ID: 39959516
You will likely want to start with your ISP and ask them to help. It is unlikely you will be able to block this yourself, even so the attacker can easily switch methods to thwart your attempts.

Next you can contact law enforcement such as the FBI who have been known to assist with this sort of thing.

Finally, you can attempt to block the traffic using a scripted approach, but honestly it doesn't matter if you do or not, the main point is to saturate the pipe you use, not get past your firewall.
0
 
LVL 15

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 250 total points
ID: 39959659
In support of  0xSaPx0, this type of attack is used to exploit vulnerable services outside of your control to saturate your available bandwidth by way of amplification.  See the attachment for more detail.

Another option to look into is Anycast addressing, which will effectively dilute the DDoS attack across multiple data centers geographically.

A very arduous process, you could trace the owners of each vulnerable service, using the attacking IP address, and provide them with mitigation advisories, such as http://www.cert.org/advisories/CA-1996-01.html, in hopes they will patch/close their systems.
An-Analysis-of-DrDoS-SNMP-NTP-CH.pdf
0
 
LVL 5

Author Comment

by:bpl5000
ID: 39961365
I have read that you can disable the chargen service, but I don't know how.  I read this on a website...

Disable Echo, Chargen and discard
     no service tcp-small-servers
     no service udp-small-servers

But these commands do not work on our ASA.  Does anyone know if there is a way to disable the Chargen service on an ASA 5510?
0
 
LVL 5

Author Closing Comment

by:bpl5000
ID: 39962208
We have contacted our ISP.  We were also able to track down who launched the attack and unfortunately a 17 year old boy will be getting a visit from law enforcement.  He probably thought it was a cute joke to play, but now it will bring him trouble.  Oh well, maybe it will deter him from getting into even more trouble in the future.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to choose hardware firewall 5 60
Use of vpn-filter value  in S2S VPN 2 49
Setting up NAT translation for RDP 6 39
Factory Reset of Juniper SSG20 2 17
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question