June 4th, 2003, 09:14 PM
Identifying A DoS Attack...
Here's some background info before I ask my question: Over the past several months, my internet disconnects randomly. It could be twice a day, or as much as 8 times a day.
So here's my question: if someone is using a Denial Of Service attack on my machine, how can I identify or see if someone is attacking my machine and how can I block them without buying any software?
*Thanks A Ton Guys*
June 4th, 2003, 09:17 PM
What is a DoS attack?
What type of DoS attack hit Yahoo! and others?
What is a distributed packet flood?
How can I secure my system against a DoS attack?
And for prevention:
All the answers to these questions you can get here...
also a good site on DoS attacks .....
June 4th, 2003, 09:46 PM
(-:IF U R A HACKER TRY TO BE ON POINT,IT SAVES TIME:-)
June 5th, 2003, 12:07 AM
Well, you could try using something like BlackIce to see if it raises an alert. If you don't want to shell out for that, netstat might help: you can see if there are a large number of connections coming from one address (may indicate some DoS attacks). You could also try firing up a packet sniffer and seeing what you get.
Quis custodiet ipsos custodes
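Added example, not part of the original post: one way to run the netstat check suggested above, by counting TCP rows per remote address in `netstat -an` output. It goes a little beyond the post by accepting both Linux and Windows row layouts; the thresholds, function names and sample rows are assumptions made for illustration.

```python
from collections import Counter, defaultdict

HALF_OPEN = {"SYN_RECV", "SYN_RECEIVED"}   # Linux / Windows names for the same state
LISTEN = {"LISTEN", "LISTENING"}

def per_remote(netstat_text):
    """Map remote IP -> Counter of TCP states, from `netstat -an` text."""
    table = defaultdict(Counter)
    for line in netstat_text.splitlines():
        tok = line.split()
        if not tok or not tok[0].lower().startswith("tcp"):
            continue                          # headers, UDP, unix sockets
        ends = [i for i, t in enumerate(tok) if ":" in t]
        if len(ends) < 2 or ends[1] + 1 >= len(tok):
            continue                          # malformed row or no state column
        host, port = tok[ends[1]].rsplit(":", 1)
        state = tok[ends[1] + 1].upper()
        if state in LISTEN or port in ("*", "0"):
            continue                          # local listeners, not peers
        table[host.strip("[]")][state] += 1
    return table

def suspects(netstat_text, max_total=20, max_half_open=5):
    """Remote IPs over either threshold (illustrative values), busiest first."""
    rows = [(ip, sum(c.values()), sum(c[s] for s in HALF_OPEN))
            for ip, c in per_remote(netstat_text).items()]
    hits = [r for r in rows if r[1] > max_total or r[2] > max_half_open]
    return sorted(hits, key=lambda r: (-r[1], r[0]))

# Constructed sample: mixed Linux/Windows rows, documentation-range addresses.
SAMPLE = "\n".join(
    ["Proto Recv-Q Send-Q Local Address   Foreign Address   State",
     "tcp   0 0 0.0.0.0:80        0.0.0.0:*          LISTEN",
     "tcp   0 0 192.0.2.10:80     198.51.100.9:51515 ESTABLISHED",
     "  TCP    192.0.2.10:80    198.51.100.9:51516    TIME_WAIT",
     "  TCP    0.0.0.0:135      0.0.0.0:0             LISTENING",
     "udp   0 0 0.0.0.0:68        0.0.0.0:*"]
    + [f"tcp   0 0 192.0.2.10:80     203.0.113.7:{40000 + n} SYN_RECV"
       for n in range(30)])

if __name__ == "__main__":
    for ip, total, half in suspects(SAMPLE):
        print(f"{ip}: {total} connections, {half} half-open")
```

A SYN flood with spoofed source addresses spreads across many IPs, so the overall number of half-open rows is worth watching as well as the per-address totals.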
June 5th, 2003, 12:59 AM
Re: Identifying A DoS Attack...
Let's not jump to conclusions so quickly: it might not be a DoS attack. You said that it happens quite frequently. One question that is important to ask is do you have a static IP (one that remains the same) or a dynamic IP (DHCP, one that changes every time you connect to the internet or any other program requiring a connection). If you have a dynamic IP, then obviously no one is performing a DoS attack on you because they simply don't know your IP every time you log on. Maybe your browser wasn't installed correctly in the first place. Anyway, go back and reinstall your browsers; that's what I would do after checking to see if I have a static or dynamic IP.
Originally posted here by borgcubes
Over the past several months, my internet disconnects randomly. It could be twice a day, or as much as 8 times a day.
Support your right to arm bears.
^^This was the first video game which I played on an old win3.1 box
June 5th, 2003, 01:28 AM
white_eskimo, that is not true at all. Just because a computer uses DHCP doesn't mean that it changes every time you connect; you're thinking of dial-up. And even if a computer uses DHCP, there are many ways that an attacker can find your IP, i.e. zone transfers, DIG, ARIN, to name just a few of the ways, not to mention if you have a trojan installed, many of them can e-mail or notify the attacker of the address change. But borg cube, memory gave you some very nice sites to look at. I didn't look at them all the way through, but my suggestion would be to read those and see if you can't figure out on your own what to do. If you are running a Linux distro, just use iptables to block any unwanted packets from an IP addy, and if using Windows, then you will have to use a firewall such as Outpost or ZoneAlarm to block certain unwanted traffic. There are many steps you can take to prevent a DoS, but unfortunately, as it is with any other attack, there is always a way around it. Take it easy, people.
Don't be a bitch! Use Slackware.
June 5th, 2003, 02:06 AM
I fully agree with hatebreed2000; to the best of my knowledge everything he has just said is correct.
The End is Near
Can you hear it
It is done
June 5th, 2003, 05:04 AM
This may be a bit overboard, but you might as well read a little about DOS attacks. DOS Whitepaper.
hatebreed is right - you don't have to have a static IP to be a victim of a DOS, or even used in one for that matter. Some DDOS attacks are initiated via IRC. With that in mind, someone may have infected the victim with an IRC trojan that automatically joins a certain channel whenever connected to the Internet. From there, the attacker can issue commands to execute script/code to perform an attack. I should know; I was infected...haha
Opinions are like
holes - everybody's got'em.
June 5th, 2003, 10:43 AM
Was the question: how to make sure I'm being dosed?
There is a single manner: have a look at inbound flows.
You can do that thanx to several methods:
- A protocol analyzer such as Ethereal, but u'll need to have good networking skills
- A well-configured firewall with logs (but if it is so well configured, u won't be dosed anymore...)
- An IDS is definitely the best; there are daily signature updates. And it will do everything for u (since the DoS attack is well known to the signature database), by logging a beautiful message like "DOS - SYN FLOOD" or whatever ...
SHARING KNOWLEDGE
June 5th, 2003, 11:34 AM
No, actually DoSes are very easy to trace, unless the attacker does it behind a proxy.
Originally posted here by RITESH GAUR
DoS are hard to trace.
DDoSes are hard to trace because they come from trojaned computers. The trojaned computers make up a botnet.