Welcome to the Legend of mir forums. Mir Revenge.

Thread: type of Dos

  1. #1
    True Mir Revenger Array
    Join Date
    Aug 2007
    Location
    uk
    Posts
    1,208

    Default type of Dos

    Lapta have u been told whether it is Dos or DDos?
    The first being the easier to evade:

    The secret to deflecting DoS attacks lies in cleverly configuring your firewalls and intrusion detection systems. But it's important to keep in mind that there are two closely related, but still very different, types of DoS attacks. Each attack requires a different approach to redirect and deflect. One is simple - it should never be said easy - and straightforward to defend against, while the other is much more complex and harder to evade.
    The simple, plain vanilla DoS attack comes from a single malicious source or server. It's meant to take down a network with either an overload of ordinary traffic - spam e-mail or just bogus data, for example - or malformed TCP packets that fool routers into thinking it is legitimate traffic. This is the textbook denial-of-service (DoS) attack.
    The classic DoS attack can be traced by firewalls, and intrusion detection and prevention systems (IDS/IPS). Monitors and logs should be set to check for unusual spikes in traffic at odd times and incomplete TCP handshakes showing up as fragments of packets. If either of these occurs, your incident response team should be alerted immediately and should check the IP address of the source of the offending traffic. IPSes should be set to divert any and all such traffic away from the network and into a separate subnet set up solely for accepting unwanted traffic. Alternatively, you can direct malicious traffic to a honeypot, but a special subnet is usually sufficient for a simple DoS attack. All traffic sent to the subnet should be completely and carefully logged for later forensics analysis and eventual tuning of routers and firewall rules to block traffic from that IP address.

    Or:

    Blocking DDoS attacks
    Diverting traffic from a distributed denial-of-service (DDoS) attack isn't quite so simple. DDoS attacks are particularly insidious since they originate from multiple IP addresses simultaneously. The bad traffic can originate from thousands of compromised servers scattered around the Internet in a virtual army of zombies or a botnet. In this situation, blocking individual IP addresses is like trying to bat down a swarm of flies with a single flyswatter.
    Unfortunately, unlike a single DoS attack, there is no single magic key to repelling these attacks. This doesn't mean you're defenseless, but you have to be more creative in your defensive strategy.
    A single honeypot alone won't do the trick. What might do the trick is a defense-in-depth strategy with IPSes at different points in your network to divert suspicious DoS traffic to several honeypots. Here, again, there is no single answer or best topology. It depends on your individual network set up.
    But it's vitally important to make sure your network defenders are hardened. It's tempting, since they're only meant to capture junk traffic, to be sloppy in configuring your honeypots. A sophisticated attacker can easily compromise any defensive hardware, including an IPS, and enlist it into its botnet army, turning it against your own network or into a jumping off point for an attack on somebody else's system. Egress filtering should be set up on your routers to prevent this.
    Here are some of the old standbys that are still valid for blocking DoS attacks:
    • Allow sufficient bandwidth to handle unexpected surges in traffic, a sign of possible malicious activity.
    • Patch all servers and routers against vulnerabilities in the TCP stack and against attacks using fragmented packets.
    • Set up routers and servers with the minimum amount of services required. Turn off anything unnecessary or easily exploited by a hacker. For example, turn off SMTP on Web servers not used for e-mail.
    • Tune firewalls and routers to block IP addresses from malicious sources that consistently show up in logs.
    • Strong perimeter security, in general, with hardened servers and aggressive firewall rules can divert many DoS attacks before they even reach the guts of your network.
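An added example, not part of the original post or the article it quotes: a minimal log check for the two signals the text names (traffic spikes and incomplete TCP handshakes), reporting whether the half-open connections trace back to a few source addresses or are spread too thinly to block by IP. The log format, thresholds and function names are assumptions made for illustration, and the sample data is constructed.

```python
from collections import Counter
from statistics import median

def build_sample():
    """Constructed log, one event per line: '<second> <src_ip> <SYN|ACK>'."""
    lines = []
    for t in range(0, 40, 5):                      # normal clients finish the handshake
        src = f"192.0.2.{10 + (t // 5) % 2}"
        lines += [f"{t} {src} SYN", f"{t} {src} ACK"]
    lines += [f"{40 + i // 5} 203.0.113.5 SYN" for i in range(20)]  # SYNs, never ACKed
    return "\n".join(lines)

def analyse(log, window=10, spike_factor=3.0, per_src_limit=3, total_limit=10):
    """Thresholds are illustrative assumptions; tune them against real baselines."""
    syn, ack, per_window = Counter(), Counter(), Counter()
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue                               # skip malformed lines
        ts, src, event = int(parts[0]), parts[1], parts[2]
        per_window[ts // window] += 1
        if event == "SYN":
            syn[src] += 1
        elif event == "ACK":
            ack[src] += 1
    # Handshakes opened but never completed, per source address.
    open_by_src = {s: syn[s] - ack[s] for s in syn if syn[s] > ack[s]}
    suspects = {s: n for s, n in open_by_src.items() if n >= per_src_limit}
    # A window is a spike when it exceeds spike_factor times the median window.
    baseline = median(per_window.values()) if per_window else 0
    spikes = [w * window for w, c in sorted(per_window.items())
              if c > spike_factor * baseline]
    if suspects:
        verdict = "single-source"            # the listed addresses can be blocked
    elif sum(open_by_src.values()) >= total_limit:
        verdict = "distributed-or-spoofed"   # no single address stands out
    else:
        verdict = "normal"
    return {"verdict": verdict, "suspects": suspects, "spikes": spikes}

if __name__ == "__main__":
    print(analyse(build_sample()))
```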

  2. #2
    IRCHEATING PWNZ YOU! Array
    Join Date
    Jan 1970
    Location
    Apple Command HQ
    Posts
    8,051

    Default

    you're missing a type of attack there, it's a variant of both of them which makes prevention nigh on impossible unless you can track a computer/network MAC address.

    A SIPDOS "Spoofed IP Denial of Service"

    One computer sends out all the information, but the computer also sends a different ip address assigned to each bit of information so you can have 1 computer sending a massive attack, but you would never have the same IP address twice, so all the information sent is seen to be legitimate and therefore the router then chokes and dies

    from what I have read (and I'm not an expert) it's not impossible to track a MAC address but the chances are really slim depending on your abilities to pinpoint the specific network it's coming from, then getting lucky and finding someone within the ISP that knows what you're talking about and who could then give you the info you need.

    if we could get someone with crazy network protocol skills they could always try writing some code that could pinpoint/track MAC addresses, I assume it could make whoever came up with it a pretty decent sum of cash as you could sell the code to some big DoS prevention company (if they actually exist)

    but instead of trying to get all technical how about we go back to brute force.

    this last attack happened due to Reject losing his IRL mate's kit, How about we offer his mate all his kit back + £100 sterling for rejects address. then we can just pay him a visit, post his address on the forum and any one who gets pissed off with him can decide to take revenge. say like sign him up to loads of gay porn sites, free health and diet websites with real life mail order scheme, things like that.

    if he wants to flood our system with crap, lets flood his home/email with crap and his face with bruises.

    some people are too stupid to realise that people can only take so much.

    and if i was his mate i would do a deal with Lapta that every time he needed a bit of in game cash he could punch the crap outta reject, take a photo with a paper dated that day, and get an in game payment, maybe 5mil something like that ^^

    anyway i need to suggest the payment idea to lapta - it worked a treat for the previous reject named mental he has since failed to dos attack the server again.

    anyway back to work for me.


  3. #3
    True Mir Revenger Array
    Join Date
    Aug 2007
    Posts
    1,166

    Default

    well tbh aint this something that only the company hosting the server can do?
    Was here on the day of creation.

    The legend that was Rudius.

  4. #4
    Spammer Array
    Join Date
    Jan 2008
    Location
    In a cave.. :S
    Posts
    298

    Default

    Quote Originally Posted by Bing
    Lapta have u been told whether it is Dos or DDos?
    The first being the easier to evade:

    The secret to deflecting DoS attacks lies in cleverly configuring your firewalls and intrusion detection systems. But it's important to keep in mind that there are two closely related, but still very different, types of DoS attacks. Each attack requires a different approach to redirect and deflect. One is simple - it should never be said easy - and straightforward to defend against, while the other is much more complex and harder to evade.
    The simple, plain vanilla DoS attack comes from a single malicious source or server. It's meant to take down a network with either an overload of ordinary traffic - spam e-mail or just bogus data, for example - or malformed TCP packets that fool routers into thinking it is legitimate traffic. This is the textbook denial-of-service (DoS) attack.
    The classic DoS attack can be traced by firewalls, and intrusion detection and prevention systems (IDS/IPS). Monitors and logs should be set to check for unusual spikes in traffic at odd times and incomplete TCP handshakes showing up as fragments of packets. If either of these occurs, your incident response team should be alerted immediately and should check the IP address of the source of the offending traffic. IPSes should be set to divert any and all such traffic away from the network and into a separate subnet set up solely for accepting unwanted traffic. Alternatively, you can direct malicious traffic to a honeypot, but a special subnet is usually sufficient for a simple DoS attack. All traffic sent to the subnet should be completely and carefully logged for later forensics analysis and eventual tuning of routers and firewall rules to block traffic from that IP address.

    Or:

    Blocking DDoS attacks
    Diverting traffic from a distributed denial-of-service (DDoS) attack isn't quite so simple. DDoS attacks are particularly insidious since they originate from multiple IP addresses simultaneously. The bad traffic can originate from thousands of compromised servers scattered around the Internet in a virtual army of zombies or a botnet. In this situation, blocking individual IP addresses is like trying to bat down a swarm of flies with a single flyswatter.
    Unfortunately, unlike a single DoS attack, there is no single magic key to repelling these attacks. This doesn't mean you're defenseless, but you have to be more creative in your defensive strategy.
    A single honeypot alone won't do the trick. What might do the trick is a defense-in-depth strategy with IPSes at different points in your network to divert suspicious DoS traffic to several honeypots. Here, again, there is no single answer or best topology. It depends on your individual network set up.
    But it's vitally important to make sure your network defenders are hardened. It's tempting, since they're only meant to capture junk traffic, to be sloppy in configuring your honeypots. A sophisticated attacker can easily compromise any defensive hardware, including an IPS, and enlist it into its botnet army, turning it against your own network or into a jumping off point for an attack on somebody else's system. Egress filtering should be set up on your routers to prevent this.
    Here are some of the old standbys that are still valid for blocking DoS attacks:
    • Allow sufficient bandwidth to handle unexpected surges in traffic, a sign of possible malicious activity.
    • Patch all servers and routers against vulnerabilities in the TCP stack and against attacks using fragmented packets.
    • Set up routers and servers with the minimum amount of services required. Turn off anything unnecessary or easily exploited by a hacker. For example, turn off SMTP on Web servers not used for e-mail.
    • Tune firewalls and routers to block IP addresses from malicious sources that consistently show up in logs.
    • Strong perimeter security, in general, with hardened servers and aggressive firewall rules can divert many DoS attacks before they even reach the guts of your network.
    copy and paste ftw?

  5. #5
    Administrator Array
    Join Date
    Sep 2007
    Location
    With Lapta
    Posts
    2,403

    Default

    copy n paste did seem like fun but wtf can u do with it lol


 
