-
Packet Flooding
I was using mIRC, and suddenly my incoming traffic became very busy. The bytes were moving very fast. But there's no incoming traffic. And connections start to lag... I'm using Windows ME, Zone Alarm installed. I suspect that I've been packet flooded, or suffering from DoS or DDoS attacks. Is there anything I can do to prevent this?
-
hmmm, windows ME huh?
well you could start by getting a dos prompt up and typing deltree \y *.* =)
just playin, open up zone alarm and check to see if there's any updates available, and then, go to http://www.downloads.com and check out a few other firewalls, check out the firewalls and honeypots board and look around there for ideas and you should be ok, there's lotsa lamers on chat but updating your walls and maybe checking out a port blocker should help.
-
Have you examined the Alerts yet to see what was going on, or were there any alerts at all? I don't mean to sound like I'm knocking ZA, but you might want to try Agnitum Outpost for a while, cause its log files are a bit easier to read and browse than Zone Alarm, and it also has built in DoS protection, which might help you if that is indeed what happened.
-
First thing first, what is this I hear about separate app called port blocker? HUH? If you know your way around, guess what ZA has the feature where you can block ports. Also ZA is pretty good at logging attacks. And as for better DoS protection, guess what a software firewall can only do so much. Plus if someone wants u down, they will take u down. Can you handle 80Mbps of traffic? Smack and ur firewall dead. The point is, you can never be secure 100%. Also, just like Agnitum Outpost ZA can go into stealth mode. Read up a little more on ZA and you should be good. Also there are some ports you should block. I believe 139 is one of them...don't have more time to go through ports but you get the idea.
-
Gore and Syini666 have the right idea. I would recommend Tiny Personal Firewall, it's great if you have a good handle on ports and TCP/IP in general. But the sad fact is there’s no magic bullet for protecting against all forms of DDoS attacks because it’s an attack on your bandwidth. The best thing you can do is not let the attacker get your IP in the first place.
-
Somebody must be pinging you and if you have a good and updated firewall you should be able to stop this.
-
My recommendation would be to find out what kind of connections are being made to your computer. A better firewall than ZoneAlarm would be helpful for this (my personal favourite is Agnitum Outpost, it does ad blocking, DNS caching, very granular rules as well as application based rules (can limit to source ip /dest ip/port or just resort to predefined app rules), and has basic IDS functionality built in). The IDS capability coupled with the reporting of what connections are in existence/being blocked should be very informative/helpful in you finding out what exactly is causing your problem. At that point, maybe even sooner, a conversation with your ISP should clear things up.
/nebulus
EDIT: As an afterthought, a personal firewall will NOT help you if you are being DDoS'd. DDoS revolves around CPU/bandwidth consumption, all of which will still be just as consumed when you have a personal firewall (if not more CPU). Your only hope of stopping those types of attacks is by working with your ISP (which is why I mentioned the IDS stuff). Now if you are being victimized by other DoS attacks that are not related to bandwidth/CPU consumption, a personal firewall will help, but it would still be better if you could block it upstream.
-
Unless you have a static IP address, and/or are running services under a known registered domain, and/or have a very persistent enemy, I doubt you were being DDoSed. IRC however, is a DoSing s'kiddie playground. If everything seems okie dokie now I'd not worry too much about it. IRC: it's a warzone out there :)
-
From what I remember, there was a vulnerability on ZA's anti-DoS which made the machine unprotected from a type of that attack. Although there really is no way of defending against DDoS (like stated above on other posts), firewalls can only probably hold up for a while depending on the majority of how many packets are being sent before crashing.
-
I would recommend that you get a hardware firewall if u are on a broadband connection and set ZA to put your system in stealth mode. PM me if u want some tips or a price on a good router/firewall.
-
Check out bugtraq, I read this recently:
http://online.securityfocus.com/bid/5975
-
WTF??
I soooo hate to do this, but I can't hold back:
To the BITCH that negged me I really want to know why you couldn't even write a comment PRETENDING to explain what your problem with my post earlier in this thread was. Be a man and own up, or balance your negs somewhere else. You obviously have a lot of APs, but I'll be damned if you seem like a good AO member.
Anyone who wants to neg me on this post go ahead, but at least write a comment for Christ's sake.