Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Identifying A DoS Attack...

  1. #1
    Junior Member
    Join Date
    Jun 2003

    Question Identifying A DoS Attack...

    Hello All-

    Here's some background info before I ask my question: Over the past several months, my internet disconnects randomly. It could be twice a day, or as much as 8 times a day.

    So here's my question: if someone is using a Denial Of Service attack on my machine, how can I identify or see if someone it attacking my machine and how can I block them without buying any software?

    *Thanks A Ton Guys*


  2. #2
    Join Date
    Apr 2003
    What is a DoS attack?
    What type of DoS attack hit Yahoo! and others?
    What is a distributed packet flood?
    How can I secure my system against a DoS attack?
    And for prevention:

    All the answers to these wuestions you can get here...


    also a good site on DoS attacks .....


  3. #3
    Join Date
    Mar 2003
    DoS are hard to trace.

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Well you could try using something like BlackIce to see if it raises an alert. if you don`t want to shell out for that netstat might help, you can see if there are a large number of connections coming from one address ( may indicate some DoS attacks). You could also try firing up a packet sniffer and seeing what you get.
    Quis custodiet ipsos custodes

  5. #5
    Senior Member
    Join Date
    May 2002

    Re: Identifying A DoS Attack...

    Originally posted here by borgcubes
    Over the past several months, my internet disconnects randomly. It could be twice a day, or as much as 8 times a day.
    Lets not jump to conclusions so quickly : It might not be a Dos attack. You said that it happens quite frequently. One question that is important to ask is do you have a static IP (one that remains the same) or a dynamic IP (DHCP, one that changes everytime you connect to the internet or any other program requiring a connection.) If you have a dynamic IP, then obviously no one is preforming a Dos attack on your because they simply dont know your IP everytime you log on. Maybe your browser wasnt installed correctly in the first place. Anyways, go back and reinstall your browers, thats what i would do after checking to see if i have a static or dynamic ip
    Support your right to arm bears.

    ^^This was the first video game which i played on an old win3.1 box

  6. #6
    Senior Member
    Join Date
    Nov 2002
    white_eskimo, that is not true at all, just because a computer uses DHCP doesnt mean that it changes everytime you connect, your thinking of dial-up, and even if a computer uses DHCP there are many ways that a attacker can find you IP, i.e. zone transfers, DIG, ARIN, to just name a few of the ways, not to mention if you have a trojan installed many of them can e-mail or notify the attacker of the address change, but borg cube memory gave you some very nice sites to look at, i didnt look at them all the way through, but my suggestion would be read those, see if you cant figure out on your own what to do, if you are running a linux distro just use IPtables to block any unwanted packets from a IP addy, and if using windows then you will have to use a firewall such as outpost or zonealarm to block certain unwanted traffic, there are many steps you can take to prevent a DoS but unforunatley it is with any other attack, there is always a way around it. take it easy people.
    Don\'t be a bitch! Use Slackware.

  7. #7
    Junior Member
    Join Date
    Jun 2003
    I full agree with hatebreed2000, to the best of my knowledge everything he has just said is correct.
    The End is Near
    Can you hear it
    Smell It
    Taste It
    It is done

  8. #8
    Senior Member
    Join Date
    Aug 2002
    This may be a bit overboard, but you mind as well read a little about DOS attacks. DOS Whitepaper.

    hatebreed is right - you don't have to have a static IP to be victim of a DOS, or even used in one for that matter. Some DDOS attacks are initiated via IRC. With that in mind, someone may have infected the victim with an IRC trojan that automatically joins a certain channel whenever connected to the Internet. From there, the attacker can issue commands to execute script/code to perform an attack. I should know; I was infected...haha
    Opinions are like holes - everybody\'s got\'em.


  9. #9
    Senior Member
    Join Date
    Nov 2002
    Was the question: how to make sure I'm being dosed?

    There is a single manner: have a look on inbound flows.

    You can do that thanx to several methods:
    - Protocol analyzer such a EtheReal but u'll need to have good networking skills
    - A firewall well configured with logs, (but if it is so well configured, u won't be dosed anymore...)
    - an IDS is definitly the best, theree are daily signature update. And it will do everything for u (since the DoS attack is well known to the siganture database), by logging a beautiful message like "DOS - SYN FLOOD" or whatever ...
    [shadow] SHARING KNOWLEDGE[/shadow]

  10. #10
    Junior Member
    Join Date
    Jan 2003
    Originally posted here by RITESH GAUR
    DoS are hard to trace.
    No, actually DoSes are very easy to trace, unless the attacker does it behind a proxy.
    DDoSes are hard to trace becouse they come from trojaned computers. The trojaned computers make up a botnet.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts