Results 1 to 8 of 8

Thread: DOS Attack on Server!

  1. #1
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466

    Unhappy DOS Attack on Server!

    Hi!
    We have hosted an application on our server which gets accessed across the globe. Everything works fine for years but suddenly from last 2 weeks we face issue that users complaint server not responding. Upon checking our Cisco ASA we identified numerous attempts from IP's from CHINA that tries to connect to our Server. As a result our users unable to access the server, although time to time we are blocking the unknown pools using ASA but yet the Attacks keep on coming from different sources.

    Current Network Setup is As following: -

    ISP => Cisco ASA => SQL Server
    ||
    DC
    ||
    LAN

    OS = Windows 2003 (Also running MS ISA 2004)

    Our application get accessed from different source machines so we can't directly block all unknown source IP for this particular application using Cisco ASA.

    Any suggestion how can we block/minimize these DOS attacks?
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    Block all of China. :-P
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  3. #3
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    I wish this could have been possible.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  4. #4
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Quote Originally Posted by FanacooL View Post
    I wish this could have been possible.
    Maybe this will help you to block some

    For Web server's .htaccess blocklists go here:
    Code:
    http://www.wizcrafts.net/chinese-blocklist.html
    and for firewall/iptables/other formats of ip addresses go here:
    Code:
    http://www.wizcrafts.net/chinese-iptables-blocklist.html
    In addition to this, you can monitor these pages for changes in IP addresses and get the alerts via emails by using this:
    Code:
    http://www.changedetection.com/
    NOTE: The links i have provided are mainly against Asian addresses. If you go to the homepage of wizcrafts you have other countries too such as nigeria etc....

    If my memory is correct then i got these links/ideas from Nihil some time ago, so special thanks to goto Nihil.

    Cheers everyone.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  5. #5
    Junior Member
    Join Date
    Apr 2011
    Posts
    3
    You should look into fail2ban alternatives for Windows, there's got to be something out there like that.

  6. #6
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    @instronics
    Its quite helpful Thanks.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    You need to stop it before it hits your webserver.

    http://www.networkstraining.com/conf...tect-from-dos/
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Junior Member
    Join Date
    Apr 2011
    Posts
    4
    You have several options with you ASA, you can set connection limits to that server, so when it reaches a high volume of hits it will start shunning those connections and prevent an overload on that server. Another option is to just block that ip or range that is hitting your server.

Similar Threads

  1. PPTP VPN Operation
    By HTRegz in forum Other Tutorials Forum
    Replies: 3
    Last Post: April 18th, 2021, 01:59 PM
  2. Shell Account *HELP*
    By elfguy in forum General Computer Discussions
    Replies: 17
    Last Post: July 7th, 2005, 01:34 AM
  3. Slack BSD
    By gore in forum Operating Systems
    Replies: 2
    Last Post: February 25th, 2005, 08:12 AM
  4. Understanding DoS
    By NullDevice in forum The Security Tutorials Forum
    Replies: 21
    Last Post: December 17th, 2003, 10:03 PM
  5. How do Instant Message Services Work?
    By Lansing_Banda in forum Network Security Discussions
    Replies: 2
    Last Post: October 5th, 2003, 02:14 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •