November 4th, 2002, 02:45 PM
I was using mIRC, and suddenly my incoming traffic became very busy. The bytes were moving very fast. But there's no incoming traffic. And connections start to lag... I'm using Windows ME, Zone Alarm installed. I suspect that I've been packet flooded, or suffering from DoS or DDoS attacks. Is there anything I can do to prevent this?
November 4th, 2002, 02:49 PM
hmmm, windows ME huh?
well you could start by getting a dos prompt up and typing deltree \y *.* =)
just playin, open up zone alarm and check to see if there's any updates available, and then, go to http://www.downloads.com and check out a few other firewalls, check out the firewalls and honeypots board and look around there for ideas and you should be ok, there's lotsa lamers on chat but updating your walls and maybe checking out a port blocker should help.
November 4th, 2002, 03:41 PM
Have you examined the Alerts yet to see what was going on, or were there any alerts at all? I don't mean to sound like I'm knocking ZA, but you might want to try Agnitum Outpost for a while, cause its log files are a bit easier to read and browse than Zone Alarm's, and it also has built-in DoS protection, which might help you if that is indeed what happened.
You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
November 4th, 2002, 07:55 PM
First thing first, what is this I hear about a separate app called port blocker? HUH? If you know your way around, guess what, ZA has the feature where you can block ports. Also ZA is pretty good at logging attacks. And as for better DoS protection, guess what, a software firewall can only do so much. Plus if someone wants u down, they will take u down. Can you handle 80Mbps of traffic? Smack and ur firewall dead. The point is, you can never be secure 100%. Also, just like Agnitum Outpost, ZA can go into stealth mode. Read up a little more on ZA and you should be good. Also there are some ports you should block. I believe 139 is one of them...don't have more time to go through ports but you get the idea.
I pLaY mY eNeMyS lIkE a ChEsS.
November 4th, 2002, 10:49 PM
Gore and Syini666 have the right idea. I would recommend Tiny Personal Firewall; it's great if you have a good handle on ports and TCP/IP in general. But the sad fact is there's no magic bullet for protecting against all forms of DDoS attacks because it's an attack on your bandwidth. The best thing you can do is not let the attacker get your IP in the first place.
It's not software piracy. I'm just making multiple off site backups.
November 4th, 2002, 11:09 PM
Somebody must be pinging you and if you have a good and updated firewall you should be able to stop this.
November 4th, 2002, 11:28 PM
My recommendation would be to find out what kind of connections are being made to your computer. A better firewall than ZoneAlarm would be helpful for this (my personal favourite is Agnitum Outpost, it does ad blocking, DNS caching, very granular rules as well as application based rules (can limit to source IP/dest IP/port or just resort to predefined app rules), and has basic IDS functionality built in). The IDS capability coupled with the reporting of what connections are in existence/being blocked should be very informative/helpful in your finding out what exactly is causing your problem. At that point, maybe even sooner, a conversation with your ISP should clear things up.
EDIT: As an afterthought, a personal firewall will NOT help you if you are being DDoS'd. DDoS revolves around CPU/bandwidth consumption, all of which will still be just as consumed when you have a personal firewall (if not more CPU). Your only hope of stopping those types of attacks is by working with your ISP (which is why I mentioned the IDS stuff). Now if you are being victimized by other DoS attacks that are not related to bandwidth/CPU consumption, a personal firewall will help, but it would still be better if you could block it upstream.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
November 5th, 2002, 12:43 AM
Unless you have a static IP address, and/or are running services under a known registered domain, and/or have a very persistent enemy, I doubt you were being DDoSed. IRC, however, is a DoSing s'kiddie playground. If everything seems okie dokie now I'd not worry too much about it. IRC: it's a warzone out there
"Now it's time to erase the story of our bogus fate. Our history as it's portrayed is just a recipe for hate!"
November 5th, 2002, 07:27 AM
From what I remember, there was a vulnerability in ZA's anti-DoS which made the machine unprotected from a type of that attack. Although there really is no way of defending against DDoS (as stated above in other posts), firewalls can only probably hold up for a while depending on the majority of how many packets are being sent before crashing.
November 5th, 2002, 08:07 PM
I would recommend that you get a hardware firewall if u are on a broadband connection and set ZA to put your system in stealth mode. PM me if u want some tips or a price on a good router/firewall.
Amateurs get jail time, pros get jobs.