Re: DOS Attack?

From: Suramya Tomar (security_at_suramya.com)
Date: 11/25/04

    To: Shawn Wall <sjwall@shaw.ca>
    Date: Thu, 25 Nov 2004 14:03:11 -0500
    
    

    Hi Shawn,
     I would suggest that you check the internal machine for viruses and
    spyware. You could also try moving the machine to a different IP and see
    if that changes anything. If the attack is resumed after you move the IP
    then you should take that system off the network and do an integrity
    check on the machine.

    You can also blacklist the external host at the firewall, preventing it
    from contacting any systems on your network, which should fix the DOS
    problem.

    Hope this helps.

    - Suramya

    > Hi List,
    >
    > I'm currently experiencing network outages due to what appears to be DOS
    > attacks. I'm running a wireless ISP using a Cisco 2611 and CBAC and I have a
    > /24 public address range. During the outage I can see traffic from a single
    > external host sending thousands of packets to a single internal host. I
    > don't have port 80 inbound open in my ACLs so I don't understand how the
    > external host is even able to contact the internal host to begin with.
    > Secondly, how is it possible for an attack on 1 internal host to cripple the
    > rest of my network? Any feedback would be welcome. Thanks.
    >
    > shawn
    >

    -- 
    -------------------------------------------------
    Name        : Suramya Tomar
    Homepage URL: http://www.suramya.com
    -------------------------------------------------
    ************************************************************
    Disclaimer:
    Any errors in spelling, tact, or fact are transmission errors.
    ************************************************************
    
