-
I wouldn't suggest leaving your platform. I know the article I posted discusses Linux, but many of the themes are still applicable.
There are two main types of DDoS attacks:
1. Those that just plain consume all of your bandwidth.
2. Those that exploit a developed latency.
#1 cannot be defended against at your end, so there is no point in worrying about it; that is your ISP's job. #2 is dealt with by patching against known exploits like SYN flooding, which has already been covered; load balancing, if possible, to keep a single system from being overwhelmed with CPU/memory-intensive processes; disabling all unused protocols (under Advanced TCP/IP Settings > Options > TCP/IP Filtering); and lastly a NIDS/firewall that learns: when it sees what looks like an attack from a system, that system's future requests are ignored for X time. There are many ways to do this depending on your budget and particular needs.
One more thing, as an NT web server admin, I think you might find this software handy:
https://www.argus-systems.com/catalogue/protector/
Argus is the same company that makes PitBull/LX, which is a wonderful trusted operating system that uses DBAC to manage its labeled security. This DBAC technology has now been slightly extended to NT. You can completely compromise the admin or system account or whatever, but if you know anything about labeled security you will know that you cannot escape your label, so no permissions are gained even with a system shell. :)
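The "ignore that system's requests for X time" behaviour described in the post above, written out as an added example (this is not code from the poster or from any of the products named). It reads constructed firewall log lines of the form "epoch src_ip FLAG", counts SYNs per source in a sliding window, and bans a source that exceeds the limit until the ban lapses. The thresholds, the log format and the IP addresses are all assumptions.

```python
"""Rate-based temporary blocklist: the "ignore that system for X time" idea.

Added example, not from the thread. Log lines are constructed and look like
"<epoch seconds> <src_ip> <tcp flag>"; only SYNs are counted. All limits are
assumptions a real deployment would tune.
"""
from collections import defaultdict, deque

SYN_LIMIT = 10      # SYNs a single source may send...
WINDOW = 2.0        # ...within this many seconds before it is banned
BAN_SECONDS = 60.0  # how long an offending source is ignored afterwards


class SynGuard:
    def __init__(self, limit=SYN_LIMIT, window=WINDOW, ban=BAN_SECONDS):
        self.limit, self.window, self.ban = limit, window, ban
        self.recent = defaultdict(deque)  # src -> timestamps of SYNs inside the window
        self.banned_until = {}            # src -> epoch at which the ban lapses

    def decide(self, ts, src):
        """Return 'drop' if src is banned or just crossed the limit, else 'pass'."""
        until = self.banned_until.get(src)
        if until is not None:
            if ts < until:
                return "drop"
            del self.banned_until[src]    # ban expired: start counting afresh
            self.recent[src].clear()
        dq = self.recent[src]
        dq.append(ts)
        while dq and ts - dq[0] > self.window:   # forget SYNs older than the window
            dq.popleft()
        if len(dq) > self.limit:
            self.banned_until[src] = ts + self.ban
            dq.clear()
            return "drop"
        return "pass"


def run(lines, guard=None):
    """Feed log lines through the guard; return [(src, decision)] and the guard."""
    guard = guard or SynGuard()
    decisions = []
    for line in lines:
        ts, src, flag = line.split()
        if flag != "SYN":
            continue
        decisions.append((src, guard.decide(float(ts), src)))
    return decisions, guard


# Constructed log: 203.0.113.9 sends 15 SYNs in 1.5 s, comes back while banned,
# then again after the ban has lapsed; 198.51.100.20 is an ordinary client.
LOG = [f"{100.0 + i * 0.1:.1f} 203.0.113.9 SYN" for i in range(15)] + [
    "100.2 198.51.100.20 ACK",
    "100.5 198.51.100.20 SYN",
    "101.0 198.51.100.20 SYN",
    "130.0 203.0.113.9 SYN",
    "170.0 203.0.113.9 SYN",
    "171.0 198.51.100.20 SYN",
]
LOG.sort(key=lambda l: float(l.split()[0]))

if __name__ == "__main__":
    for src, decision in run(LOG)[0]:
        print(src, decision)
```

The caveat a practitioner would add: this only helps when the offending packets carry a real, stable source address (a chatty zombie, a scanner). A classic SYN flood spoofs a fresh random source on every packet, so no per-source counter ever crosses the limit; for that case the SYN cookies and backlog patching mentioned earlier in the post do the work, not the blocklist.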
-
A DoS attack can be done over virtually any means of communication. But the TCP flood is generally the most efficient if your systems are well patched and configured.
For UDP and ICMP floods, the most common attacks are probably Smurf and Fraggle attacks.
The principle of the Smurf attack is to send an icmp-echo (i.e. a ping) to the broadcast address of a network with the source address of the target. The replies from all the other computers will flood the targeted computer. Fraggle is nearly the same thing with UDP and a port like echo.
I know that Windows 2k and FreeBSD are configured by default in order to avoid Smurf attacks, but I'm not sure about Fraggle.
Anyway, if the attacker can deploy more bandwidth than you, he can consume all of yours. And you will never be able to avoid this risk.
KC
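The Smurf/Fraggle mechanics described in the post above, as an added example of what each side of the attack looks like on the wire (this is not code from the poster). It runs two checks over constructed packet records: on the amplifier network, an echo request to the broadcast address whose source claims to be off-segment (the spoofed trigger); at the victim, echo replies arriving from many distinct hosts inside a short window. The segment 192.0.2.0/24, the addresses, the record layout and the thresholds are assumptions.

```python
"""Smurf / Fraggle indicators over constructed packet records.

Added example for this thread, not code from the original posters.
Assumptions: the sensor sits on LOCAL_NET, and packets arrive as Pkt tuples
where for ICMP `a` is the ICMP type (8 = echo request, 0 = echo reply) and `b`
is 0, while for UDP `a`/`b` are the source/destination ports.
"""
import ipaddress
from collections import defaultdict, deque, namedtuple

Pkt = namedtuple("Pkt", "ts src dst proto a b")

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")   # assumed sensor segment
REFLECTOR_PORTS = {7, 19}   # UDP echo and chargen: the classic Fraggle reflectors
WINDOW = 1.0                # seconds of replies correlated per destination
MIN_REFLECTORS = 20         # distinct responders before we call it a flood


def is_echo_request(p):
    return (p.proto == "icmp" and p.a == 8) or (p.proto == "udp" and p.b in REFLECTOR_PORTS)


def is_echo_reply(p):
    return (p.proto == "icmp" and p.a == 0) or (p.proto == "udp" and p.a in REFLECTOR_PORTS)


def is_amplification_request(p):
    """Smurf/Fraggle trigger as seen on the amplifier network: an echo request to
    our broadcast address whose source is off-segment. Every host that answers
    will answer that (spoofed) source, not whoever really sent the packet."""
    if not is_echo_request(p):
        return False
    if ipaddress.ip_address(p.dst) != LOCAL_NET.broadcast_address:
        return False
    return ipaddress.ip_address(p.src) not in LOCAL_NET


def find_reflected_floods(packets):
    """What the victim sees: echo replies from many distinct hosts inside one
    WINDOW. Returns {victim: peak number of distinct reflectors} for every
    destination that crossed MIN_REFLECTORS."""
    recent = defaultdict(deque)   # dst -> (ts, src) of replies inside the window
    peak = {}
    for p in sorted(packets, key=lambda q: q.ts):
        if not is_echo_reply(p):
            continue
        dq = recent[p.dst]
        dq.append((p.ts, p.src))
        while dq and p.ts - dq[0][0] > WINDOW:
            dq.popleft()
        distinct = len({src for _, src in dq})
        if distinct >= MIN_REFLECTORS and distinct > peak.get(p.dst, 0):
            peak[p.dst] = distinct
    return peak


def analyse(packets):
    """Return (spoofed broadcast triggers, {victim: reflector count})."""
    triggers = [p for p in packets if is_amplification_request(p)]
    return triggers, find_reflected_floods(packets)


# Constructed capture: the victim 198.51.100.10 is off-segment; the trigger
# packets carry its address as source, so the real attacker never appears.
VICTIM = "198.51.100.10"
BCAST = str(LOCAL_NET.broadcast_address)
CAPTURE = [
    Pkt(0.00, VICTIM, BCAST, "icmp", 8, 0),                # spoofed Smurf trigger
    Pkt(0.01, VICTIM, BCAST, "udp", 40000, 7),             # spoofed Fraggle trigger
    Pkt(0.02, "192.0.2.40", "192.0.2.41", "icmp", 8, 0),   # a normal ping...
    Pkt(0.03, "192.0.2.41", "192.0.2.40", "icmp", 0, 0),   # ...and its single reply
]
# 30 hosts on the segment answer the broadcast ping; every reply goes to the victim.
CAPTURE += [Pkt(0.05 + i * 0.01, f"192.0.2.{i}", VICTIM, "icmp", 0, 0) for i in range(1, 31)]

if __name__ == "__main__":
    triggers, floods = analyse(CAPTURE)
    for p in triggers:
        print(f"spoofed broadcast echo: {p.src} -> {p.dst} ({p.proto})")
    for victim, n in floods.items():
        print(f"reflected flood against {victim}: {n} distinct reflectors")
```

The two checks belong on different networks: the first is the "don't be an amplifier" check (the same condition that dropping directed broadcasts at the router enforces, which is what the Windows 2000 and FreeBSD defaults the post refers to amount to), while the second only tells the victim it is being reflected at, and by how many hosts; it does nothing about the bandwidth already consumed.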
-
there is no perfect way to stop a strong DDoS attack, plain and simple
-
PakiBlue;
In the known world there is no solution to prevent DDoS, and especially DrDoS, for people or corporations.
As far as I know, the only way to solve the problem is a global agreement between all the world's ISPs; let's say that's almost a utopia.
A few weeks ago I posted a referenced news item about a Pakistani ISP wanting to tackle the threat, but to make it effective, cooperation with all the other ISPs is required. Maybe Paki will be the start of the internet ISP revolution... who knows!
http://www.antionline.com/showthread...&highlight=DOS
At your point the only thing you can do is to advise corporations on simple rules like antivirus updates, anti-spoofing ACLs, IDS & firewalls (to fight zombies), in order to keep their IP hosts from participating in a DDoS attack, but not to protect themselves.
For the precise DDoS problem I don't think that anyone in finance will accept to pay for measures that prevent their company from attacking a remote victim without getting the assurance of being protected themselves....
It seems that we'll have to live with DDoS for a long time still.