July 3rd, 2004, 05:11 PM
i have dD.o.S problem
one hacker attacked my website with DoS attack.What should i for this problem?
Excuse me I can speak basic english.If you writed with basik english.i am happy.
July 3rd, 2004, 05:19 PM
What kind of web site? Is it hosted from your computer? If so, a firewall is supposed to be able to take care of a DoS attack. If it is remotely hosted, it also affects the company hosting the web site and they should take action.
July 3rd, 2004, 08:54 PM
yeah good point,im kinda new but i see what your saying.get a web site hosted by someone esle then you don't have to wrry about it.
July 3rd, 2004, 10:44 PM
True, only if you can afford to pay that much a month. From the sound of it, I am going to assume that this site is on a computer of yours because you would not have known about this DoS attack if your site was hosted by someone else. keezel is right, a firewall will put a stop to that.
get a web site hosted by someone esle then you don't have to wrry about it.
I believe in making the world safe for our children, but not our childrenís children, because I donít think children should be having sex. -- Jack Handey
July 3rd, 2004, 10:55 PM
If you just need a firewall, here are a few free commonly used personal firewalls.
-Take your pick. All should meet your needs though people have vastly differing opinions of each. Just find one that works for you and go with it. Good luck!
July 3rd, 2004, 11:05 PM
I would actually recommend Kerio for this. I have found the configuration to be somewhat nicer than the rest of the free ones out there.
With Kerio, you also get an IDS.
Oh yeah, if you're running Linux, look into IPtables/IPChains.
Real security doesn't come with an installer.
July 4th, 2004, 12:28 AM
If using Linux/Iptables what can you do to reduce or even avoid the Dd0s? ( Possible? )
I have seen so much so i dont know what to belive.
July 4th, 2004, 03:00 AM
What kind of DNS do you have? If it's locally hosted try to renew your IP [provided your ISP doesn't give you a static] and then update your DNS settings [if you're using dyndns.org or something].
July 4th, 2004, 04:06 PM
The action you need to take depends on the type of DoS attack
If it's a web application / web server DoS attack, it needs fully formed TCP connections to be effective - therefore it cannot use spoofed IPs, so you should record the IPs and block them at your firewall. Also you can use some web sevrer plugin modules like mod_security or its IIS equivalents to identify DoS attempts and block them, also some lame bandwidth DoS attempts.
If it's a synflood, just turn syn cookies on on your web servers or redirectors, job done.
If it's a bandwidth DoS, that is the hardest problem, it will be using spoofed source IPs set randomly, so you can't block the IPs at an upstream firewall. The DoSers will be using a TCP packet type which is part of legitimate traffic, so you can't block it upstream by flags or port numbers either.
Of course a local firewall has absolutely no effect on a bandwidth DoS, because the bandwidth is exhausted before it even gets there.
Your best bet is to work with your upstream providers, and get them to work with their peers to identify the routes used by the DoS traffic, and attempt to narrow it down to a given area, and if it's a truly distributed attack, there may be little they can do.
One option is to get your upstream provider to install some kind of QoS to somehow limit this traffic, to give established legitimate connections higher priority, or to set up a stateful firewall upstream, but again, this is dependent on how much resources your upstream provider have to throw at the problem.
No, it isn't.
a firewall is supposed to be able to take care of a DoS attack