Network Security: Detailed info on DoS attack... what to do?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

DoS attack... what to do?

from [Nigel Kukard] Network Security

[Permanent Link]

Subject:	DoS attack... what to do?
Date:	Tue, 04 Jan 2005 19:41:19 +0000

Hi Guys,

Here is the situation...

I have a dedicated server at ISP X, about 1 week after I signed up for the service I received a DoS attack against my DNS service... the attack came from over 10,000 IP addresses and tried to resolve the following domain names...

leet.nexhost.org
ns1.nexhost.org
ns2.nexhost.org
floop.m33pm33p.info
irc.k1hosting.net
b0tn3t.elite-coders.org

I thought i would be clever and changed root.cache on my named service to resolve all dns queries to 127.0.0.1, this seems to of worked for about 1hr. Next I get even more attacks on port 5556 which I don't even use and basically by default drop everything to that port.

I have sent off abuse reports for over 10,000 IP's, grouping them by ISP and sending 1 email per ISP.....

What to do? I've got a constant 200Kbps of traffic, and its kinda bugging me...

Any help would greatly be appreciated.  (btw, netsky.V uses port 5556)


Regards
Nigel Kukard

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
DoS attack... what to do?, Nigel Kukard <= Re: DoS attack... what to do?, falcon Re: DoS attack... what to do?, Faisal Khan Re: DoS attack... what to do?, Mark C Re: DoS attack... what to do?, Bernie Cosell Re: DoS attack... what to do?, Jose Nazario RE: DoS attack... what to do?, Shaffer, Bruce Re: DoS attack... what to do?, Steve Friedl RE: DoS attack... what to do?, Craig Skelton Re: DoS attack... what to do?, Alvin Oga Re: DoS attack... what to do?, Valdis . Kletnieks

Previous by Date:	REVIEW: "Disaster Proofing Information Systems", Robert W. Buchanan, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Next by Date:	Re: DoS attack... what to do?, falcon
Previous by Thread:	REVIEW: "Disaster Proofing Information Systems", Robert W. Buchanan, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Next by Thread:	Re: DoS attack... what to do?, falcon
Indexes:	[Date] [Thread] [Top] [All Lists]