How to ? :)

!30 Member Posts: 356
Hello to all !

I have 2 questions.
Do you know some methods to stop DDOS? I mean to protect yourself in the face of DDOS?
How do you catch those users in our network (if you are a network admin), if they do ARP spoofing?

Can anyone help me with those? :D
Optimism is an occupational hazard of programming: feedback is the treatment. (Kent Beck)

Comments

  • blackzone Member Posts: 82
    If you give an example of how you did a DDOS attack step by step, I'll try to see if I can find a solution.

    For arp poisoning, you can probably use a static arp entry.

    Type "man arp" on Linux, or "arp" under Windows, for more detail.

    P.S. I don't know any way of spotting spoofing.
  • sprkymrk Member Posts: 4,884
    !30 wrote:
    Do you know some methods to stop DDOS? I mean to protect yourself in the face of DDOS?
    Usually it has to be blocked at the ISP level if it's a true DDOS. You can stop a DOS (if it is a network based DOS coming from outside your network perimeter) by making a simple ACL on the fly to drop the offending packets. It may still kill your bandwidth though; if it is already flooding a T-1 line (or T-3, or whatever), then dropping the packets at your own front door isn't going to help much. That's why it usually needs to be done at the ISP level, where the pipes are bigger.
    !30 wrote:
    How do you catch those users in our network (if you are a network admin), if they do ARP spoofing?
    Static arp works well enough in a small environment with Linux machines, but static arp entries (believe it or not) can be overwritten by flooding a Windows machine with bogus arp entries. Not sure if this got fixed in W2K3 R2.

    There are no defences built into arp itself, though. Other defences would be to use IPSec to establish a security association between peers. Using static mac entries on switches can help too (sometimes called port security, or sticky ports). Arpwatch is another option, but you need to configure a port on the switch to use mirroring.

    There are tools that let you scan your network for NICs running in promiscuous mode, which generally means they are running a sniffer, possibly after poisoning the arp on a switch to see more traffic.

    You can also configure a network IDS to alert you to the possibility of arp poisoning; it watches for a lot of bogus "who has w.x.y.z, tell a.b.c.d" traffic.
    All things are possible, only believe.
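
An added example, not part of the thread and not Arpwatch's own code: a minimal monitor in the spirit of the Arpwatch suggestion above, which flags IP-to-MAC bindings that change or flip back, and one MAC answering for several IPs. The sample lines are constructed in the style of `tcpdump -n arp` output; `detect_arp_anomalies` and the `max_ips_per_mac` threshold are hypothetical names chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of `tcpdump -n arp` output (not a real capture).
SAMPLE = """\
10:00:01.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
10:00:02.000000 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:01, length 28
10:00:05.000000 ARP, Reply 192.168.1.1 is-at 00:de:ad:be:ef:99, length 28
10:00:06.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
10:00:07.000000 ARP, Reply 192.168.1.20 is-at 00:de:ad:be:ef:99, length 28
"""

REPLY = re.compile(r"^(\S+) ARP, Reply (\d+(?:\.\d+){3}) is-at ([0-9a-f:]{17})", re.I)

def detect_arp_anomalies(lines, max_ips_per_mac=1):
    """Return alerts as tuples (kind, time, ip, mac, detail) for suspicious ARP replies."""
    last_mac = {}                    # most recent MAC seen for each IP
    seen_macs = defaultdict(set)     # every MAC that has ever claimed an IP
    mac_ips = defaultdict(set)       # every IP a MAC has claimed
    alerts = []
    for line in lines:
        m = REPLY.match(line.strip())
        if not m:
            continue                 # ignore requests and non-ARP lines
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        prev = last_mac.get(ip)
        if prev and prev != mac:
            # "flip-flop": the binding returns to a MAC seen earlier, which is
            # typical when a real host and a spoofer both keep answering.
            kind = "flip-flop" if mac in seen_macs[ip] else "changed"
            alerts.append((kind, ts, ip, mac, prev))
        last_mac[ip] = mac
        seen_macs[ip].add(mac)
        if ip not in mac_ips[mac]:
            mac_ips[mac].add(ip)
            # One MAC answering for many IPs can be legitimate (router aliases,
            # proxy ARP), so the threshold is tunable per network.
            if len(mac_ips[mac]) > max_ips_per_mac:
                alerts.append(("multi-ip", ts, ip, mac, sorted(mac_ips[mac])))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE.splitlines()):
        print(alert)
```

As the post notes, the monitoring host only sees this traffic on a switched network if it sits on a mirrored port.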
  • !30 Member Posts: 356
    Could you give me an example of tools which catch NICs running in promiscuous mode? For spoofing .. you mentioned them.
  • sprkymrk Member Posts: 4,884
    Here is one for MS networks:
    http://support.microsoft.com/?kbid=892853
  • Danman32 Member Posts: 1,243
    You can't really stop a generic DOS/DDOS by yourself any more than you could stop someone (or a group of people) from approaching your house and blocking you from coming out or someone legit from coming in.

    Specific means of DOS/DDOS can be prevented from succeeding, or their impact lessened, by dropping the packet as soon as you can determine it is illegitimate. Even then, though, if bad packets came in fast enough, they would displace the wanted packets.