 |  |  |  |  |  |  |  |
How do I stop a DOS?
 |
Okay, I know I probably can't stop it, but it seemed like a good title.
I am a junior systems analyst and I monitor Cisco routers and switches. On one of my routers, a Cisco 7200 series running IOS 12.2(15)T17, I have been monitoring a Denial of Service attack for a few weeks now. Someone or some people have it out for us, it seems, and are not only overloading my router's cpu (now runs between 75% and 100%) but they are spoofing IPs to do it. I've placed several blocks at the top of an access list and have even had some hitters big enough to email a few abuse@isp.com addresses. This only does so much. The router is a gateway router so the traffic isn't getting into the network and clogging it up, but the traffic still has to go through the ACLs on the router which uses processing which in turn causes problems for legit traffic trying to come in and out. I guess my question is: is there an easier way to work with this other than spending an hour a day analyzing ip cache flows and placing blocks on a list?
I am a junior systems analyst and I monitor Cisco routers and switches. On one of my routers, a Cisco 7200 series running IOS 12.2(15)T17, I have been monitoring a Denial of Service attack for a few weeks now. Someone or some people have it out for us, it seems, and are not only overloading my router's cpu (now runs between 75% and 100%) but they are spoofing IPs to do it. I've placed several blocks at the top of an access list and have even had some hitters big enough to email a few abuse@isp.com addresses. This only does so much. The router is a gateway router so the traffic isn't getting into the network and clogging it up, but the traffic still has to go through the ACLs on the router which uses processing which in turn causes problems for legit traffic trying to come in and out. I guess my question is: is there an easier way to work with this other than spending an hour a day analyzing ip cache flows and placing blocks on a list?
-Marlin
Hi Tuttlem;
I work as a data centre manager for an organisation with web facing e-commerce gateways and we recently came under attack from both DOS and DDOS attacks...
These combined syn floods, tcp stacks, sql injects and all manner of unwanted traffic that eventually knocked out my IPS resources.
After trying a numer of very expensive cloud based solutions ; we eventually opted for a dedicated solution which sits in front of our interfaces in a HA pair.
This product was WS1000 by Webscreen and because it uses " live intelligence", within 30 mins of their technican attaching the appliance; we were back up and running bacuase we could specify exactly what type of traffic we wanted to let through.
I work as a data centre manager for an organisation with web facing e-commerce gateways and we recently came under attack from both DOS and DDOS attacks...
These combined syn floods, tcp stacks, sql injects and all manner of unwanted traffic that eventually knocked out my IPS resources.
After trying a numer of very expensive cloud based solutions ; we eventually opted for a dedicated solution which sits in front of our interfaces in a HA pair.
This product was WS1000 by Webscreen and because it uses " live intelligence", within 30 mins of their technican attaching the appliance; we were back up and running bacuase we could specify exactly what type of traffic we wanted to let through.
Last edited by SEANDSE; Oct 11th, 2008 at 8:17 pm.
•
•
Join Date: Mar 2005
Posts: 1,213
Reputation: 
Solved Threads: 36
•
•
•
•
Originally Posted by tuttlem 
Okay, I know I probably can't stop it, but it seemed like a good title.
http://www.gcn.com/print/vol20_no17/4573-1.html#
"No one remembers who climbed Mount Everest the second time." — Na Nook.
|
Similar Threads
- my computer will not boot (Windows NT / 2000 / XP)
- qbasic program under Windows XP (Legacy and Other Languages)
- How to run QBAS, DOS etc under Windows XP (Windows NT / 2000 / XP)
- Will DOS games someday become impossible to play? (Troubleshooting Dead Machines)
- DOS automatically closes (Windows NT / 2000 / XP)
- Need DOS help (Windows 95 / 98 / Me)
- Graphics Card issues Stop Command??? (Windows NT / 2000 / XP)
Other Threads in the Network Security Forum
- Previous Thread: Hello
- Next Thread: iptables -m recent conflicting
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Network Security Posts
- Today's Posts
- Unanswered Threads
2008 adobe advice antivirus apple banking blackhat botnet browser business china confidentiality crack crime cybercrime daniweb data database dataloss dataprotection development email emailretention encryption europe exploit facebook fail firefox flash forensic fraud gadget gartner google government hack hacker hacking hardware homelandsecurity idtheft information internet iphone kaspersky koobface law linux malware mcafee mckinnon microsoft military mobile music nasa nationalsecurity network networks news obama password passwords pentagon phishing phone php politics privacy report research review sans satnav scam school search security skype socialnetworking software softwaredevelopment spam sqlinjection survey symantec terrorism terrorist theft trends trojan twitter uk usb virus vulnerability web worm yahoo
