-
March 11th, 2003, 02:12 PM
#1
Junior Member
DoS Attack
First off, let me start by telling you I'm running XP Home on my system, and using Sygate Personal Firewall (freeware). Now let me get to the point. When I was at work yesterday I received 4 or 5 DoS attacks on my system. When I realized what had happened I tried to look at the attacker's IP and ran a whois on him/her. It seemed to me that the person was jumping from router to router, because I really couldn't get a valid location, or maybe I just don't know WTF I'm doing.
What I really want to know is how I should pursue this the next time I receive a DoS attack on my system, and how I could prevent it from happening by maybe patching whatever he/she used to attack.
"Any people that would give up liberty for a little temporary safety, deserves neither liberty nor safety" Benjamin Franklin
-
March 11th, 2003, 02:39 PM
#2
Maybe (since DoS) the packets could have been spoofed?
Did you count the hops?
yeah, I'm gonna need that by Friday...
-
March 11th, 2003, 02:44 PM
#3
Senior Member
I see your problem, mate... Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic.
There are so many DoS attacks, such as the Ping of Death and Teardrop attacks, that exploit limitations in the TCP/IP protocols... For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks.
Like viruses, new DoS attacks are constantly being dreamed up by hackers.
You can visit this link... perhaps it can help you out with your problem against DoS attacks.
Good luck.
-
March 11th, 2003, 02:55 PM
#4
Junior Member
It sounds like the attacker was using misconfigured routers to route DoS traffic to your machine. A router that doesn't check if outgoing source packets belong to its subnet can be used to route spoofed over-sized packets, which will effect a denial of service at their target.
Good reading:
CIAC white paper about distributed denial of service, get it here: http://hackbox.thematrix.gr/archive/s34.zip
rdev - 01110010 01100100 01100101 01110110
"The difficult we do immediately. The impossible takes a little while longer." - U.S. Navy Seabees
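The source-address check that post #4 says a misconfigured router skips, sketched as an added example that is not part of the original thread. The prefixes, the `(direction, source)` record format and the sample packets are constructed assumptions, and the ingress checks go one step beyond the egress case the post describes.

```python
import ipaddress

# Assumption: prefixes served by this router (constructed, documentation ranges).
LOCAL_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/25")]

# Sources that should never arrive from outside (short, non-exhaustive list).
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in
                  ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
                   "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


def _in_any(addr, prefixes):
    return any(addr in net for net in prefixes)


def check_packet(direction, src):
    """Return (verdict, reason). direction: "out" leaves the local net, "in" arrives."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source address")
    local = _in_any(addr, LOCAL_PREFIXES)
    if direction == "out":
        # Egress filter: a packet leaving us must carry one of our own addresses.
        if not local:
            return ("drop", "egress source outside local prefixes (spoofed)")
        return ("pass", "egress source is local")
    if direction == "in":
        # Ingress filter: nothing from outside may claim to be us or a reserved range.
        if local:
            return ("drop", "ingress packet claims a local source")
        if _in_any(addr, BOGON_PREFIXES):
            return ("drop", "ingress source is reserved/private")
        return ("pass", "ingress source plausible")
    return ("drop", "unknown direction")


def audit(packets):
    """Return (direction, source, reason) for every packet that should be dropped."""
    results = [(d, s, check_packet(d, s)) for d, s in packets]
    return [(d, s, reason) for d, s, (verdict, reason) in results if verdict == "drop"]


# Constructed sample headers: (direction, source address).
SAMPLE = [("out", "192.0.2.17"), ("out", "203.0.113.9"), ("in", "198.51.100.5"),
          ("in", "10.1.2.3"), ("in", "203.0.113.80"), ("out", "198.51.100.200")]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```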
-
March 11th, 2003, 02:57 PM
#5
Given the events of the last two days, I'd put it more as the Deloder worm as having an effect on him than older DoS tools like P.o.D., smurf, jolt, etc.
As for preventing a DoS, there really isn't much you can do other than ask your ISP for a new IP address. You can install a firewall like ZoneAlarm, TinyFirewall or Agnitum's Outpost (all free last I checked) and pick up the address from there. Then, you could contact the "offender's" ISP and ask them to deal with it. As for them jumping from router to router, I think that's more the traffic is coming from a variety of sources or the source IP is spoofed.
Do you know what port the DoS is attacking?
-
March 11th, 2003, 08:19 PM
#6
Senior Member
I guess the DoS is attacking port 1026 or 1026...
To check it you may follow this:
How to check for the machine:
1.) Use "rpcinfo -p [hostname]" to scan for machines where the server is running, and note down the port number given to it.
2.) Use "telnet [hostname] [n-1]" to try to connect to the port with the next lower number.
If the connection was established, and you can type something without being thrown out and without getting any response back.
I guess the DoS is attacking port 1026 or 1026...
I made a mistake... it is not port 1026 or 1026 but 1025 or 1026... hope this suggestion is not confusing you.
-
March 12th, 2003, 01:50 PM
#7
Junior Member
Wow, thank you ladies and gents. This information has been very helpful, now I just have some reading to do. I'm pretty tired this morning too. Cya all later. Oh yeah, sorry for putting my post in the Firewall and Honeypot forum. It should have been more directed to the Security forum; this will not happen again.
"Any people that would give up liberty for a little temporary safety, deserves neither liberty nor safety" Benjamin Franklin