Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Distributed Denial of service
- Thread starter cpace
- Start date
It cna be tough if the person is serious.. more then likely the header is forged on the packets anyways. If it's a scriptkiddie, then you have a fighting chance if you want to hassle with sniffing the incoming packetsa and working out the TCP header info.
You might get the ISP's attention with a cease and desist order from your company's legal beagles. All that fancy talk with the evil sounding words tends to get the ISP's attention even more so when the word *damages* is mentioned.
So take a two pronged approach, dump the attack by redirection if you can.. route it all to a NULL interface and get the lawyers involved.
Just an opinion.. not legal advice by any stretch of the imagination
MikeS
Find me at
"The trouble with giving up civil rights is that you never get them back"
You might get the ISP's attention with a cease and desist order from your company's legal beagles. All that fancy talk with the evil sounding words tends to get the ISP's attention even more so when the word *damages* is mentioned.
So take a two pronged approach, dump the attack by redirection if you can.. route it all to a NULL interface and get the lawyers involved.
Just an opinion.. not legal advice by any stretch of the imagination
MikeS
Find me at
"The trouble with giving up civil rights is that you never get them back"
- Thread starter
- #3
Thanks,
My firewall is a medium to small business firewall and until I can replace it, I am worried the attacks could get worse. Right now it is doing it's job without performance problems. But, you never know...
I was reading about the command "ip verify unicast reverse-path" Does this do anything ?
My firewall is a medium to small business firewall and until I can replace it, I am worried the attacks could get worse. Right now it is doing it's job without performance problems. But, you never know...
I was reading about the command "ip verify unicast reverse-path" Does this do anything ?
If it is a ddos attack the sources are distributed and there are clueless middlemen involved or at least hijacked
/trojaned amplifiers elsewhere. Going to arin and looking
up these guys will probably not do you a lot of good.
If your ISP won't help you with this then maybe it is time to look for another isp?
/trojaned amplifiers elsewhere. Going to arin and looking
up these guys will probably not do you a lot of good.
If your ISP won't help you with this then maybe it is time to look for another isp?
Guest_imported
New member
- Jan 1, 1970
- 0
Hi,
Ip verify unicast reverse-path tells the router to drop incoming packets if it receives them on an interface other than the one closest to the source (according to it's routing table). If your network just hangs off one ISP then this wont help you since all the traffic comes from one direction (although it will prevent spoofing your internal addresses from the outside, private addressing notwithstanding).
Ip verify unicast reverse-path tells the router to drop incoming packets if it receives them on an interface other than the one closest to the source (according to it's routing table). If your network just hangs off one ISP then this wont help you since all the traffic comes from one direction (although it will prevent spoofing your internal addresses from the outside, private addressing notwithstanding).
- Status
Similar threads
- Locked
- Question