Thread: DoS Attack

  1. #1
    Junior Member
    Join Date
    Mar 2003
    Posts
    8

    DoS Attack

    First off, let me start by telling you I'm running XP Home on my system, and using Sygate Personal Firewall (freeware). Now let me get to the point. When I was at work yesterday I received 4 or 5 DoS attacks on my system. When I realized what had happened I tried to look at the attacker's IP and ran a whois on him/her. It seemed to me that the person was jumping from router to router, because I really couldn't get a valid location, or maybe I just don't know WTF I'm doing.

    What I really want to know is how I should go pursue this the next time I receive a DoS attack on my system, and how I could prevent it from happening by maybe patching whatever he/she used to attack.
    "Any people that would give up liberty for a little temporary safety, deserves neither liberty nor safety" Benjamin Franklin

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    Maybe (since DoS) the packets could have been spoofed?
    Did you count the hops?
    Yeah, I'm gonna need that by Friday...

  3. #3
    Senior Member
    Join Date
    Feb 2003
    Posts
    211
    I see your problem, mate... Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic.
    There are so many DoS attacks, such as the Ping of Death and Teardrop attacks, which exploit limitations in the TCP/IP protocols... For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks.
    Like viruses, new DoS attacks are constantly being dreamed up by hackers.

    You can visit this link; perhaps it can help you out with your problem against DoS attacks.

    Good luck.

    When I lay me down to sleep, Pray the LORD my soul to keep.
    If I die before i wake, Pray the LORD my soul to take.

  4. #4
    Junior Member
    Join Date
    Feb 2003
    Posts
    21
    It sounds like the attacker was using misconfigured routers to route DoS traffic to your machine. A router that doesn't check if outgoing source packets belong to its subnet can be used to route spoofed over-sized packets, which will effect denial of service at their target.

    Good reading:
    CIAC white paper about distributed denial of service, get it here: http://hackbox.thematrix.gr/archive/s34.zip
    rdev - 01110010 01100100 01100101 01110110

    "The difficult we do immediately. The impossible takes a little while longer." - U.S. Navy Seabees
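The source-address check that post #4 says a misconfigured router skips, sketched as an added example (not code from the thread or from any router vendor). The prefixes, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed example: the subnets this hypothetical router serves
# (documentation ranges, not taken from the thread).
LOCAL_PREFIXES = [ipaddress.ip_network(p)
                  for p in ("192.0.2.0/24", "198.51.100.0/25")]


def egress_permitted(src, local_prefixes=LOCAL_PREFIXES):
    """Return True only if the packet's source address is one of ours."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source address: never forward it
    # A v4 address is never "in" a v6 network (and vice versa), so
    # mixed address families simply fail the membership test.
    return any(addr in net for net in local_prefixes)


def filter_outbound(packets, local_prefixes=LOCAL_PREFIXES):
    """Split outbound (src, dst) pairs into forwarded and dropped lists.

    A packet leaving the network with a source outside the served
    prefixes is spoofed or misrouted; dropping it at the edge keeps the
    network from being used to relay forged traffic toward a victim.
    """
    forwarded, dropped = [], []
    for src, dst in packets:
        bucket = forwarded if egress_permitted(src, local_prefixes) else dropped
        bucket.append((src, dst))
    return forwarded, dropped


# Constructed outbound traffic: two legitimate sources, three that are not.
SAMPLE_PACKETS = [
    ("192.0.2.44", "203.0.113.9"),      # inside 192.0.2.0/24
    ("10.9.8.7", "203.0.113.9"),        # forged source
    ("198.51.100.130", "203.0.113.9"),  # outside the /25 (covers .0-.127)
    ("not-an-ip", "203.0.113.9"),       # malformed
    ("198.51.100.12", "203.0.113.9"),   # inside 198.51.100.0/25
]

if __name__ == "__main__":
    ok, bad = filter_outbound(SAMPLE_PACKETS)
    print("forwarded:", ok)
    print("dropped:  ", bad)
```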

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Given the events of the last two days, I'd put it more as the Deloder worm as having an effect on him than older DoS tools like P.o.D., smurf, jolt, etc.

    As for preventing a DoS, there really isn't much you can do other than ask your ISP for a new IP address. You can install a firewall like ZoneAlarm, TinyFirewall or Agnitum's Outpost (all free last I checked) and pick up the address from there. Then, you could contact the "offender's" ISP and ask them to deal with it. As for them jumping from router to router, I think that's more that the traffic is coming from a variety of sources or the source IP is spoofed.

    Do you know what port the DoS is attacking?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage
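An added example (not from the thread) of pulling the answers to post #5's questions out of a firewall log: which port is being hit, and whether the blocked traffic comes from one source or many. The log format and every line in it are constructed; real Sygate, ZoneAlarm or Outpost logs use their own layouts.

```python
from collections import Counter

# Constructed log lines; assumed format is:
#   date time action proto src dst dport
SAMPLE_LOG = """\
2003-03-11 09:14:02 BLOCK UDP 203.0.113.5 192.0.2.10 1026
2003-03-11 09:14:02 BLOCK UDP 203.0.113.77 192.0.2.10 1026
2003-03-11 09:14:03 BLOCK UDP 198.51.100.9 192.0.2.10 1026
2003-03-11 09:14:03 BLOCK UDP 198.51.100.200 192.0.2.10 1025
2003-03-11 09:14:04 ALLOW TCP 192.0.2.10 198.51.100.1 80
2003-03-11 09:14:04 BLOCK UDP 203.0.113.5 192.0.2.10 1026
truncated line
"""


def summarize_blocked(log_text):
    """Count blocked packets per claimed source and destination port."""
    sources, ports = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        # Skip allowed traffic and anything that does not parse cleanly.
        if len(fields) != 7 or fields[2] != "BLOCK" or not fields[6].isdigit():
            continue
        sources[fields[4]] += 1
        ports[int(fields[6])] += 1
    total = sum(sources.values())
    if total == 0:
        return {"total": 0, "distinct_sources": 0, "top_port": None,
                "top_source": None, "top_source_share": 0.0}
    top_source, top_count = sources.most_common(1)[0]
    return {
        "total": total,
        "distinct_sources": len(sources),
        "top_port": ports.most_common(1)[0][0],
        "top_source": top_source,
        # A low share means many claimed sources: distributed or spoofed.
        # The log alone cannot tell those two apart.
        "top_source_share": top_count / total,
    }


if __name__ == "__main__":
    print(summarize_blocked(SAMPLE_LOG))
```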

  6. #6
    Senior Member
    Join Date
    Feb 2003
    Posts
    211
    I guess the DoS is attacking port 1026 or 1026.
    To check it you may follow this:

    How to check for the machine:

    1.) Use "rpcinfo -p [hostname]" to scan for machines where the server is running, and note down the port number given to it.

    2.) Use "telnet [hostname] [n-1]" to try to connect to the port with the next lower number.
    If the connection was established, and you can type something without being thrown out and without getting any response back.

    I guess the DoS is attacking port 1026 or 1026.
    I made a mistake: it is not port 1026 or 1026 but 1025 or 1026. Hope this suggestion is not confusing you.


  7. #7
    Junior Member
    Join Date
    Mar 2003
    Posts
    8
    Wow, thank you ladies and gents. This information has been very helpful, now I just have some reading to do. I'm pretty tired this morning too. Cya all later. Oh yeah, sorry for putting my post in the Firewall and Honeypot, it should have been more directed to the Security forum. This will not happen again.
