WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Google
Web CertiGuide






Table Of Contents  CertiGuide to Security+
 9  Chapter 1:  General Security Concepts (Domain 1.0; 30%)
      9  1.4  Attacks
           9  1.4.1  Denial of Service (DoS) / Distributed Denial of Service (DDoS)

Previous Topic/Section
SYN Floods
Previous Page
Pages in Current Topic/Section
1
Next Page
 1.4.2  Backdoors
Next Topic/Section

What Can I Do to Prevent DDoS Attacks?

DDoS attacks are hard to prevent, and are, unfortunately, a fact of life on public networks. However, there are some simple precautions you can take.

First of all make sure you have a good relationship with your ISP and that you have an emergency contact number to reach a technical person. Time wasted calling around to find the right person to help means time wasted getting your public services back online.

Second, many operating systems & TCP/IP stack implementations provide an option to change the timeout on a TCP conversation. If you are able to reduce the amount of time before the reset of an unfinished TCP connection occurs, you will make it harder for an attacker to continually keep the server’s resources occupied. Some operating systems such as Windows 2000 and routers also include specific SYN Flood attack protection options.

Preventing SYN Attacks

Research whether your OS provides the TCP handshake timeout option, or other SYN Flood protection options. For example, some Windows 2000-related information is available from Microsoft and assorted third parties. This documentation also includes references to several other sources of DoS and DDoS defense information.66 Does your OS provide useful configuration options? If so, experiment (on a non-production machine!) with smaller values for the timeout, and see if you can reduce it without impairing the ability of other systems to connect to that machine, and also check out other options designed to help protect your system against DoS and DDoS.


Third, consider whether to configure your boundary routers and firewalls to drop ICMP packets. This is both a blessing and a curse. It does reduce the effectiveness of ICMP floods by preventing any responses from inside your network (note that it cannot by definition prevent ICMP packets from actually arriving at your network boundaries), however, troubleshooting network connectivity problems becomes much more difficult without the help of the good old ping and traceroute (or tracert for Windows users) commands, which use ICMP and won’t get through an ICMP block.

VisualRoute

Network World Fusion did a good review of this interesting tool67. Doing software reviews well is like herding cats. Things change before the ink is on the paper. The magazine review dated 3/29/2004 covers version 8.0a. A check of the website68 as I update this work (April 2004) shows Version 8.0d addressing the shortcoming mentioned in the article.


Finally, be a good bedizen. If client machines on your private networks have access to public systems, implement a technique known as “source filtering” on the firewalls and routers at the boundaries of your network. Source filtering prevents spoofed IP packets from leaving your network, as any device they pass through will check the source address against the known local network numbers. If the source IP address does not match an internal subnet, the packet is considered bogus, and discarded. We’ll discuss this more in section 1.4.3, on Spoofing.


 __________________

66. “Configure NT and Windows 2000 stack to resist network Denial of Service”, http://is-it-true.org/nt/nt2000/registry/rtips3.shtml

67. http://www.nwfusion.com/reviews/2004/0329rev.html

68. http://www.visualware.com/personal/support/visualroute/newrelease.html

Previous Topic/Section
SYN Floods
Previous Page
Pages in Current Topic/Section
1
Next Page
 1.4.2  Backdoors
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.