DoS: Difference between revisions
From Hackepedia
Jump to navigationJump to search
m added ddos link |
should maybe create an ICMP and reference it instead |
||
Line 3: | Line 3: | ||
---- | ---- | ||
In order to minimise the effects of a DoS a [[Firewall]] can be used as well as creating policies that limit resources to an entity. | In order to minimise the effects of a DoS a [[Firewall]] can be used as well as creating policies that limit resources to an entity. | ||
Most common DoS attacks come in the way of ICMP packets. As per [[RFC]][http://www.faqs.org/rfcs/rfc792.html 792] there are several types of ICMP you may wish to block. Most people would only leave the two ping types permitted: | |||
0 Echo Reply | |||
3 Destination Unreachable | |||
4 Source Quench | |||
5 Redirect | |||
8 Echo | |||
11 Time Exceeded | |||
12 Parameter Problem | |||
13 Timestamp | |||
14 Timestamp Reply | |||
15 Information Request | |||
16 Information Reply | |||
Some useful detection commands assuming you're using tun0: | |||
# tcpdump -i tun0 -n icmp | |||
# netstat -i -p icmp -I tun0 | |||
---- | ---- | ||
See also [[Ddos]]. | See also [[Ddos]]. |
Revision as of 12:44, 6 February 2006
Denial of Service is the exhaustion of resources on a computer or network. Legitimate users will be interrupted from doing their regular tasks and often a loss of monetary resources are involved. Denial of Service can cause stocks to fall and make administrators nervous and run around like chickens with their head cut off.
In order to minimise the effects of a DoS a Firewall can be used as well as creating policies that limit resources to an entity. Most common DoS attacks come in the way of ICMP packets. As per RFC792 there are several types of ICMP you may wish to block. Most people would only leave the two ping types permitted:
0 Echo Reply 3 Destination Unreachable 4 Source Quench 5 Redirect 8 Echo 11 Time Exceeded 12 Parameter Problem 13 Timestamp 14 Timestamp Reply 15 Information Request 16 Information Reply
Some useful detection commands assuming you're using tun0:
# tcpdump -i tun0 -n icmp # netstat -i -p icmp -I tun0
See also Ddos.