• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 433
  • Last Modified:

DMZ and DoS attacks

Since a DoS attack will take out a proxy, and the proxy will probably spare the internal server, what happens to the internal server abilities to service its clients

Perhaps I should ask this regarding normal configuration:

Would the internal server have access to more than one proxy if it goes down.

Would you have two or more internal servers or applications, with their own private proxy, but they will still service the same database

How does this work, or rather how is the system configured to survive a DoS on a proxy

njd
0
Anthony Lucia
Asked:
Anthony Lucia
2 Solutions
 
0xSaPx0Commented:
It will be like pulling your internet connection.

Email services will be up but unable to send/recieve.
Web browsing dies completely.
etc. etc.

Its not the service usually effected by the DOS, its the pipe used by the service. The freeway is a great example, the freeway, cars, source and destination all work, however there is so much congestion nothing gets where it should go.
0
 
Anthony LuciaAuthor Commented:
So if you have a proxy, through the firewall to the App, and the proxy gets hit by a DoS, how do you respond

Is there a way to get the app working again
0
 
TintinCommented:
Are you talking about a reverse proxy?

Are you talking about internal clients?
0
 
0xSaPx0Commented:
If you are subject to a denial of service attack it will be mass congestion of your network connection, the apps you run, the proxies that filter traffic and the routers that route do not make any difference.

If this occurs you call your ISP and ask them for help.
0
 
Rich RumbleSecurity SamuraiCommented:
You have to work with the ISP if your getting some of today's largest DDOS attacks, and even some smaller ones. The ISP and it's peer's are the only way to deal with traffic that has filled up your connection. Todays DDOS's cannot be mitigated with hardware or applications that simply try to send RST packets, the pipes are too full for the RST packet to kill all the connections. The ISP or it's peers have to siphon the data off:
http://arstechnica.com/security/2013/03/how-whitehats-stopped-the-ddos-attack-that-knocked-spamhaus-offline/
If connection providers would do a little better job with some kinds of egress traffic we could all benefit.
-rich
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now