Network Security Firewalls

DoS Horror Story - Or - Please Recommend a Firewall for Win2k3

Subject: DoS Horror Story - Or - Please Recommend a Firewall for Win2k3
Date: Tue, 26 Jul 2005 20:11:47 +0200
Hello,

Until now I haven't really had much use for firewalls. At one time my
computer started to crash, and I figured out it wouldn't if I disconnected
it from the net. Then I raised my firewall and opened the port for IRC and
went out on the net, and found out msblast had been born. Other than that
I've been pretty and luckily unaware of security issues, until this week,
when my server got hit by a "small" DoS attack. I saw the packets by
coincidence in the IIS web log and saw how new logs were created each
minute. I used the Plesk firewall, which is nothing more than a script using
netsh ip routing. It seemed to get worse and worse, so I decided to use the
only server firewall I have experience with and which had been good to my
knowledge. So I installed VisNetic Firewall 2.2.6. I thought maybe I could
afford it too; it cost $198. Anyway, since you can't configure the ports much
during the install, I set it to be started manually and then restarted as it
asked me to.

Here the problems began. The server did not come up and respond after this.
How odd; I had installed this remotely before and all had gone well, and I
was pretty sure I had done this right. So I contacted the datacenter EV1 and
told them about the problem. The answer from them was: you must order a
total OS restore, the server won't get past personal settings. I replied the
server was just fine, I told them about installing the firewall and that I
just wanted to restart it. Apparently the server was so slow they had
trouble logging on at the console, and the ping lost packets and delayed to
over a second from the server. So they finally replied: this is hard drive
failure, we will give you a free restore (thank you, their restore costs
$80). Well, I thought, OK, this went fast, the attack already crashed my
hard disk? So I said OK, thanks so much, and ordered their 2-hour restore.
Well, after 2 hours they had installed a new OS, but forgot to put a Plesk
key in it. So I had to wait for another hour, and then they installed a key,
which was for the wrong version. After numerous chats and trying to hurry
things up, with customers calling and complaining, I got them to install a
new key (10 hours now and counting). I restored all sites from backup,
installed all the extra components and set up the server, and was checking
the sites and all seemed fine... and then the server goes down. And I had
forgotten to set the firewall to automatic... bummer... I couldn't connect
to the server now, and it lost pings again. So I told the DC sorry for
bothering again, but could you please raise my firewall, because I cannot
connect. And they replied, we are unable to (why, I thought), but we will
install remote administration hardware for you for 4 hours for free (before
recommending an OS restore). Again I was thankful for this; better to take
it. (Why must they recommend a restore all the time?) But after several
hours waiting for it to be installed, and problems with it not working, I
just found out it would freeze at logon. So I asked, can't you just block my
net access on this particular IP? And well, the networking department was
contacted and they finally saved my day by applying their "fireslayer". A
router blocks all the spoofed packets and my server is up, running fast as
ever. They say it is a small DoS attack, just 5 Mbps or 6000 packets/second.
So I set my firewall to automatic and everything worked.

Until this morning. I woke up to see that no sites were working, and a
message from the DC that the attack has stopped and they have removed my
protection. So I wasted 2 hours trying to convince them it was needed, but
they respond no, it is not under attack, you can handle the traffic with a
software firewall. (And yes, if I ever want to restart the firewall, then
the server will be unreachable in this condition; I think the DC could be
much more co-operative than this.) Well, if I block the attacked IP, sites on
other IPs work. But what about the sites on that IP (which belongs to a
reseller)? My firewall, which I thought had good configurability, can only
block based upon IPs, ports, protocols, and some HTTP method filtering
(which is still buggy), but nothing that filters out spoofed IPs, or can
recognize traffic by domain.

So I need a recommendation for a firewall that works for me. And something
that is affordable is preferred. It just needs to protect one Windows 2003
server. Can anyone help?

Best Regards,
AFW
