And trying to fix the mess, and in the meantime, this is the stuff
I found online --

Utility like Hardenit (http://sniffem.exaserve.net/Hardenit.exe), and
registry hack at http://utilities4life.blogspot.com/2007/08/how-to-make-your-computer-anti-ddos.html

Have some questions ---

A. Are the utility/registry hack the above links provided effective
against DDoS?

B. What other things can I use to beef up my server? Any
suggestions?

Thanks a million!!!

> A. Are the utility/registry hack the above links provided effective
> against DDoS?

I don't think so, it depends on how the attack worked. Analyze logfiles and
find out why the server crashed.

> B. What other things can I use to beef up my server? Any
> suggestions?

It depends on your network infrastructure and how the attack works. If you
can see specific patterns, you could redirect or filter traffic in some
cases.

It all depends on the exploit that the DDoS takes advantage of.

Using a traffic jam as analogy:

road = network pipe (more lanes == more bandwidth)
cars = request/response
point A and B along the road represent the web client and web server
being accessed via the network connection

DDoS can:

1. Send so many cars along the road between points A and B that your
   car cannot traverse between them. In this case, you have to use
   Networking Equipment to filter out the bad traffic, clear out the cars
   on the road so that you can get between points A and B

2. Send cars which slow down around points A and B, thus blocking you
   from reaching them. This may be exploiting bugs in the OS, which is
   considered a DDoS vulnerability and needs to be patched. There *may*
   be registry changes that can mitigate the vulnerability. It all
   depends on the bug

Thus, there aren't any utilities or registry hacks that make your
computer effectively deal with DDoS. There are no tools or
instructions which you can run to make yourself immune from DDoS. #1
is always possible and unavoidable with the Internet. #2 requires
constant vigilance to update server software as vulnerabilities are
found.

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
Not entirely true. While it's correct that bandwidth exhaustion can only
be handled upstream, there are of course other types of DDoS (e.g. SYN
flooding) that can very well be handled at your end. And although
patching known bugs is the best way to deal with DoS conditions in
services, there are other ways to mitigate this kind of threat, namely
application level gateways (like mod_security for the Apache web
server).
Braindead X-post removed, f'up2csf.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
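
A check for the SYN-flood case named in the reply above, added here as an example and not part of any poster's message: it counts half-open TCP connections per local port from `netstat -n` output. The sample rows, the `summarize` helper and the threshold of 5 are constructed assumptions, not values from the thread.

```python
from collections import defaultdict

HALF_OPEN = {"SYN_RECEIVED", "SYN_RECV"}  # state names in Windows / Linux netstat

# Constructed sample in `netstat -n` layout; all addresses are documentation ranges.
SAMPLE = "\n".join(
    ["  Proto  Local Address    Foreign Address       State"]
    + [f"  TCP    192.0.2.10:80    198.51.100.{i}:5000{i}    SYN_RECEIVED"
       for i in range(1, 7)]
    + ["tcp   0   0 192.0.2.10:80    203.0.113.9:51000     SYN_RECV",  # Linux layout
       "  TCP    192.0.2.10:80    203.0.113.20:49152    ESTABLISHED",
       "  TCP    192.0.2.10:80    203.0.113.21:49153    ESTABLISHED",
       "  TCP    192.0.2.10:3389  203.0.113.30:49154    ESTABLISHED",
       "  TCP    192.0.2.10:3389  203.0.113.31:49155    SYN_RECEIVED"]
)

def parse(netstat_text):
    """Yield (local_port, remote_ip, state) for every TCP row, skipping headers."""
    for line in netstat_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or not tok[0].lower().startswith("tcp"):
            continue
        # Both layouts end with: local address, foreign address, state.
        local, remote, state = tok[-3], tok[-2], tok[-1].upper()
        if ":" not in local or ":" not in remote:
            continue
        yield local.rsplit(":", 1)[1], remote.rsplit(":", 1)[0], state

def summarize(netstat_text, threshold=5):
    """Per local port: half-open and established counts, distinct sources, flag."""
    stats = defaultdict(lambda: {"half_open": 0, "established": 0, "sources": set()})
    for port, remote, state in parse(netstat_text):
        if state in HALF_OPEN:
            stats[port]["half_open"] += 1
            stats[port]["sources"].add(remote)
        elif state == "ESTABLISHED":
            stats[port]["established"] += 1
    return {
        port: {
            "half_open": s["half_open"],
            "established": s["established"],
            "distinct_sources": len(s["sources"]),
            # Handshakes normally complete quickly, so a backlog of half-open
            # entries that outnumbers established ones is worth investigating.
            "suspect": s["half_open"] >= threshold
                       and s["half_open"] > s["established"],
        }
        for port, s in stats.items()
    }

if __name__ == "__main__":
    for port, row in sorted(summarize(SAMPLE).items()):
        print(port, row)
```
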
"Penang" <kala...@gmail.com> wrote in message
news:b171d12d-dfdd-41c1...@t39g2000prh.googlegroups.com...
Seriously, i hate them ... i hate mosquitoes.
M O S Q U I T O E S ... i hate them