DOS Attack

Discussion in 'Cisco' started by SingSong, Dec 12, 2003.

  1. SingSong

    SingSong Guest

    I'm having a massive problem with a DOS attack. I got the ACL configured to
    block them, however it's eating up the majority of my bandwidth. I called our
    providers (UUNet and Sprint), they say they cannot put a permanent block on
    those ports (most of the attacks are on ports 135 and 2048). I noticed most of
    the attacks come from various Qwest dialup users, so sent
    several messages with no result.

    What else can I do? Desperately need your advice.
     
    SingSong, Dec 12, 2003
    #1

  2. In article <>,
    SingSong <> wrote:
    :I'm having a massive problem with a DOS attack. I got the ACL configured to
    :block them, however it's eating up the majority of my bandwidth. I called our
    :providers (UUNet and Sprint), they say they cannot put a permanent block on
    :those ports (most of the attacks are on ports 135 and 2048). I noticed most of
    :the attacks come from various Qwest dialup users, so sent
    :several messages with no result.

    :What else can I do? Desperately need your advice.

    You can increase your bandwidth, change your IP with the provider,
    change providers, take your service offline, or pay the providers
    enough that they'll put in a permanent block [you do have static IPs,
    don't you??]

    Another approach you might want to consider is rate-shaping or
    "policing" on the circuits. As I recall, Packeteer has some mechanism
    or other for upstream congestion control -- but if the DoS attack
    is a basic forged SYN attack that doesn't care about seeing the SYN-ACK
    packets, there might simply be nothing you can do from your end
    without the co-operation of the ISPs.
    --
    Contents: 100% recycled post-consumer statements.
     
    Walter Roberson, Dec 13, 2003
    #2

  3. Joe Drago

    Joe Drago Guest

    SingSong wrote:
    > I'm having a massive problem with a DOS attack. I got the ACL configured to
    > block them, however it's eating up the majority of my bandwidth. I called our
    > providers (UUNet and Sprint), they say they cannot put a permanent block on
    > those ports (most of the attacks are on ports 135 and 2048). I noticed most of
    > the attacks come from various Qwest dialup users, so sent
    > several messages with no result.
    >
    > What else can I do? Desperately need your advice.
    >
    >


    If you have a DoS attack coming across your pipe, it's up to the people
    on the other end of the pipe (read: your ISP) to stop that excess
    traffic. Stopping it at your edge router won't buy you anything since
    the packets are going to cross the pipe anyway. UUNet and Sprint were
    unwilling to help you track the problem down?

    Joe Drago
     
    Joe Drago, Dec 13, 2003
    #3
  4. I would agree... maybe your ISPs won't block traffic entirely, but they
    should be willing to rate-limit specific types of traffic to mitigate the
    DOS.

    Robert

    "Joe Drago" <> wrote in message
    news:V3tCb.46734$...
    > SingSong wrote:
    > > I'm having a massive problem with a DOS attack. I got the ACL configured to
    > > block them, however it's eating up the majority of my bandwidth. I called our
    > > providers (UUNet and Sprint), they say they cannot put a permanent block on
    > > those ports (most of the attacks are on ports 135 and 2048). I noticed most of
    > > the attacks come from various Qwest dialup users, so sent
    > > several messages with no result.
    > >
    > > What else can I do? Desperately need your advice.
    > >
    >
    > If you have a DoS attack coming across your pipe, it's up to the people
    > on the other end of the pipe (read: your ISP) to stop that excess
    > traffic. Stopping it at your edge router won't buy you anything since
    > the packets are going to cross the pipe anyway. UUNet and Sprint were
    > unwilling to help you track the problem down?
    >
    > Joe Drago
    >
     
    Bob by The Bay, Dec 13, 2003
    #4