Denial of Service (DoS) attacks!!

[starwolf39]

I know someone who is threatening to use DoS attacks on me. I have a firewall, but I don't think that it can protect me if he tries to mass ping me. Is there some sort of program that I can download to prevent these types of attacks, as well as some others hopefully??

 

[angel]

I don't think there's any program that can 'prevent' a DOS attack since (as far as I understand), it just creates an enormous amount of traffic - so even if you had everything blocked, there are still the attempts.
If you know who is threatening you, report it to your ISP immediately, they should be able to do something on their end to prevent it getting to you.

 

[eddie5659]

Hiya

You can close your port 139, which is one of the main ports for a DOS attack. Have a look here and choose your OS.

http://grc.com/su-bondage.htm

Regards

eddie

 

[starwolf39]

i used the IP agent program and used the 'test my shields' button to test my computer's security for weaknesses. it found that all my ports were running in stealth mode, and it said that it could not even find port 139!! so is that going to completely eliminate DoS attacks, reduce them, or what?

 

[eddie5659]

I take it you're using a firewall.

Yes, but only to some degree. If they really want you, there you go. Closing the port just protects you more.

Which firewall are you using? Are you on a network or is it just standalone?

The reason why the network, is that they are more than likely to get attacked. Have a read of this:

http://www.sans.org/dosstep/index.htm

Regards

eddie

 

[starwolf39]

i am on a network, and am running norton firewall, if that helps at all.

 

[eddie5659]

Okay

Have you had a look at the link that I posted? Also, you may want to read this:

http://www.irchelp.org/irchelp/nuke/

Its about IRC, but do you use this on your Network?

Regards

eddie

 

[starwolf39]

irc? i dont really use that.

 

[eddie5659]

Hiya

I posted that link just to give you a picture on what you may need to do. This one

http://www.petertodd.ca/articles/dos_attacks.html

is pretty good.

This is a bit about securing:

Disable ICMP replies. If someone tries to connect to a port that has nothing behind it why send back a ICMP message saying there is nothing there and double the bandwidth being used up?
If needed disable pings. While probably not something you will want to do very often, I for one am very anoyed when a site doesn't respond to my pings, it can help while you are being attacked.

If the attacker is using up your bandwidth, for instance someone sending zillions of junk packets to random ports, you will have to get your ISP to do the blocking.
If the attacker is trying to use up your computer power, for instance someone doing repetitive junk querys on a web-accesible database, you can do the blocking yourself.
Limiting is a good alternative to outright blocks. Just don't allow more then x whatever per client. This can also apply to bandwidth attacks.
Unless the remote computer has actually connected to a service the return IP address may be fake. For instance UDP junk can have a fake return address while someone doing database querys will always have a real address. This also means that tracking down the person may well be impossible. The FBI has only narrowed the Yahoo! attack down to California and Oregon, and it has been poring over logs for a few days

Also, look at www.grc.com as they have some good articles.

Regards

eddie