funsec mailing list archives
Re: DoS help
From: Dan White <dwhite () olp net>
Date: Mon, 8 Nov 2010 20:09:16 -0600
On 08/11/10 17:05 -0600, RandallM wrote:
hi sorry for interrupting the fun in funsec, I work for a small promotional products company that today experienced DoS. Most of you here are above me in understanding such so i will spare you the whole story and am asking for advice to present to my CIO on what measures can be taken to prevent another day where it cost us $$$!
You'll probably get some good suggestions on this topic from the NANOG list.
Once I found the "UDP Echo request" pounding us and contacted ATT/SBC explaining to them how rebooting the router opened the internet for a few minutes until these same request started pounding again all they could tell me was to "email to them" a request to block. Well...the Echo request hit again our IP block address using another IP (both from FR.), the first hits were morning, second wer about two hours of it in the afternoon (I've never experienced where it hit the whole damn thing X.X.X.255) My CIO wants to know what can be done so they can report this to the CEO.
Depending on what services you offer or use, you could invest is hosting your critical services in a data center that could provide expertise in fighting DOS attacks.
At the moment we have two Radware boxes capable of controling our DNS and taking two internet ISP (att or whomever we choose). In theory would switching our ip blocks from one ISP to the other control such? Or would it just also follow?
You could try negotiating a dynamic routing protocol with your ISPs that allow you to announce a dead route for a given IP address or subnet so that the DOS traffic doesn't get routed to you. -- Dan White _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- DoS help RandallM (Nov 08)
- Re: DoS help Dan White (Nov 08)
- Re: DoS help Thomas M Carlsson (Nov 08)
- Re: DoS help der Mouse (Nov 08)
- <Possible follow-ups>
- Re: DoS help RandallM (Nov 09)
- Re: DoS help RandallM (Nov 09)