How do I stop a DOS?
Okay, I know I probably can't stop it, but it seemed like a good title.
I am a junior systems analyst and I monitor Cisco routers and switches. On one of my routers, a Cisco 7200 series running IOS 12.2(15)T17, I have been monitoring a Denial of Service attack for a few weeks now. Someone or some people have it out for us, it seems, and are not only overloading my router's CPU (now runs between 75% and 100%) but they are spoofing IPs to do it. I've placed several blocks at the top of an access list and have even had some hitters big enough to email a few abuse@isp.com addresses. This only does so much. The router is a gateway router, so the traffic isn't getting into the network and clogging it up, but the traffic still has to go through the ACLs on the router, which uses processing, which in turn causes problems for legit traffic trying to come in and out. I guess my question is: is there an easier way to work with this other than spending an hour a day analyzing IP cache flows and placing blocks on a list?
-Marlin
Hi Tuttlem;
I work as a data centre manager for an organisation with web-facing e-commerce gateways, and we recently came under attack from both DoS and DDoS attacks...
These combined SYN floods, TCP stacks, SQL injects and all manner of unwanted traffic that eventually knocked out my IPS resources.
After trying a number of very expensive cloud-based solutions, we eventually opted for a dedicated solution which sits in front of our interfaces in an HA pair.
This product was WS1000 by Webscreen, and because it uses "live intelligence", within 30 mins of their technician attaching the appliance we were back up and running, because we could specify exactly what type of traffic we wanted to let through.
Last edited by SEANDSE; Oct 11th, 2008 at 8:17 pm.
Okay, I know I probably can't stop it, but it seemed like a good title.
http://www.gcn.com/print/vol20_no17/4573-1.html#
"No one remembers who climbed Mount Everest the second time." — Na Nook.