Solved

DMZ and DoS attacks

Posted on 2014-04-02
5
400 Views
Last Modified: 2014-04-03
Since a DoS attack will take out a proxy, and the proxy will probably spare the internal server, what happens to the internal server abilities to service its clients

Perhaps I should ask this regarding normal configuration:

Would the internal server have access to more than one proxy if it goes down.

Would you have two or more internal servers or applications, with their own private proxy, but they will still service the same database

How does this work, or rather how is the system configured to survive a DoS on a proxy

njd
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 10

Accepted Solution

by:
0xSaPx0 earned 500 total points
ID: 39973307
It will be like pulling your internet connection.

Email services will be up but unable to send/recieve.
Web browsing dies completely.
etc. etc.

Its not the service usually effected by the DOS, its the pipe used by the service. The freeway is a great example, the freeway, cars, source and destination all work, however there is so much congestion nothing gets where it should go.
0
 

Author Comment

by:Anthony Lucia
ID: 39973585
So if you have a proxy, through the firewall to the App, and the proxy gets hit by a DoS, how do you respond

Is there a way to get the app working again
0
 
LVL 48

Expert Comment

by:Tintin
ID: 39973724
Are you talking about a reverse proxy?

Are you talking about internal clients?
0
 
LVL 10

Assisted Solution

by:0xSaPx0
0xSaPx0 earned 500 total points
ID: 39974929
If you are subject to a denial of service attack it will be mass congestion of your network connection, the apps you run, the proxies that filter traffic and the routers that route do not make any difference.

If this occurs you call your ISP and ask them for help.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39976653
You have to work with the ISP if your getting some of today's largest DDOS attacks, and even some smaller ones. The ISP and it's peer's are the only way to deal with traffic that has filled up your connection. Todays DDOS's cannot be mitigated with hardware or applications that simply try to send RST packets, the pipes are too full for the RST packet to kill all the connections. The ISP or it's peers have to siphon the data off:
http://arstechnica.com/security/2013/03/how-whitehats-stopped-the-ddos-attack-that-knocked-spamhaus-offline/
If connection providers would do a little better job with some kinds of egress traffic we could all benefit.
-rich
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How does ADMT SID History work? 1 46
SCSM reports export 1 52
SMTP connect() failed - WordPress 6 59
Exchange2013 MAPI 6 65
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question