Date: Mon, 19 Nov 2001 16:13:22 -0000
From: Lee Brotherston <lee.brotherston@uk.easynet.net>
To: 'xmen koh' <xmenkoh@yahoo.com>, freebsd-security@FreeBSD.ORG
Subject: RE: How to stop DoS Attack??
Message-ID: <7052044C7D7AD511A20200508B5A9C58516989@MAGRAT>
| Recently I got a DoS on my web server. Does anyone know how to
| stop a DoS attack and prevent it from happening again? Some help
| will be appreciated to explain the below TCPDump which I got
| during the attack.

When you encounter a DoS or DDoS, what can be done is largely based on the type of DoS. If it tries to use up resources of a machine by constantly requesting some processor-intensive CGI on a webserver, for example, then some firewalling will probably suffice.

If, however, it is the kind of attack which is designed to take up network resources, then it is a different matter. DoS's that saturate lines are seldom solved with firewalling at your end, as the likelihood is that your connection is probably already saturated by the time it reaches your firewall.

The best course of action is to gather as much information as possible, and to try to get in touch with your ISP or upstream provider. Depending on their internal policies etc., they may be able to add some filters in the router that provides your connectivity, maybe even at their borders if the DoS can be traced to peering points etc.

Having done this, you can then attempt to get in contact with the administrators of the systems that are attacking you, and/or their upstreams, in order to raise an abuse complaint, if it is relevant.

Hope it's of some use

Lee

--
Lee Brotherston - IP Security Manager, Easynet Ltd
http://www.easynet.net/
Phone: +44 20 7900 4444