Dos Attack

"Karim" <karim3411 DeleteThis @yahoo.moc> wrote in message
news:113gv5o973bif.16pf0lvcdyj36$.dlg@40tude.net...
 > On Mon, 15 Mar 2004 17:04:59 -0000, Gaffer wrote:
 >
  > > Hello,
  > >
  > > My website recently suffered a dos attack and I might need to start
looking
  > > for a new host. Would getting a host that offers firewall protection
prevent
  > > this from happening again? Other help and suggestions to deal with these
  > > circumstances will also be most appreciated.
  > >
 >
 > A firewall helps alot. How did you know you suffered a dos attack?
 >
 >
 >

All the websites on one of my hosts servers stopped working and my host told
me so

_____
Gaffer<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Dos Attack 

"Gaffer" <GafferNoSpam.TakeThisOut@ntlworld.com> wrote in message
news:a5n5c.100$5G1.92@newsfe3-win.server.ntli.net...
 >
 > "Karim" <karim3411.TakeThisOut@yahoo.moc> wrote in message
 > news:113gv5o973bif.16pf0lvcdyj36$.dlg@40tude.net...
  > > On Mon, 15 Mar 2004 17:04:59 -0000, Gaffer wrote:
  > >
   > > > Hello,
   > > >
   > > > My website recently suffered a dos attack and I might need to start
 > looking
   > > > for a new host. Would getting a host that offers firewall protection
 > prevent
   > > > this from happening again? Other help and suggestions to deal with
these
   > > > circumstances will also be most appreciated.
   > > >
  > >
  > > A firewall helps alot. How did you know you suffered a dos attack?
  > >
  > >
  > >
 >
 > All the websites on one of my hosts servers stopped working and my host
told
 > me so


DoS attacks happen. If a server is online for any length of time, it WILL
happen. What's important is how your host handled it. Did they act quickly
and get things re-routed, fixed ASAP?

Even eBay, Microsoft, Yahoo and 2Checkout have all been victims of noticable
DoS attacks. I know we've had our share over the years. All it takes is
for someone to get mad at either the host or a website on a server...and the
potential for a DoS is inevitable. It is unfortunate that there are people
in the world that get their kicks out of disrupting legitimate internet
traffic, but you shouldn't blame the victim if they were able to get you
back online quickly.

--Tina

--
<a style='text-decoration: underline;' href="http://www.AffordableHOST.com" target="_blank">http://www.AffordableHOST.com</a> - since 1997
Problems with your current host?
We honor up to 6 months of their contract.
See our site for complete details.<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Dos Attack 

"Tina - AffordableHOST.com" <tina.RemoveThis@affordablehost.com> wrote in message
news:105c0cpks87e5fd@corp.supernews.com...
 > "Gaffer" <GafferNoSpam.RemoveThis@ntlworld.com> wrote in message
 > news:a5n5c.100$5G1.92@newsfe3-win.server.ntli.net...
  > >
  > > "Karim" <karim3411.RemoveThis@yahoo.moc> wrote in message
  > > news:113gv5o973bif.16pf0lvcdyj36$.dlg@40tude.net...
   > > > On Mon, 15 Mar 2004 17:04:59 -0000, Gaffer wrote:
   > > >
   > > > > Hello,
   > > > >
   > > > > My website recently suffered a dos attack and I might need to start
  > > looking
   > > > > for a new host. Would getting a host that offers firewall protection
  > > prevent
   > > > > this from happening again? Other help and suggestions to deal with
 > these
   > > > > circumstances will also be most appreciated.
   > > > >
   > > >
   > > > A firewall helps alot. How did you know you suffered a dos attack?
   > > >
   > > >
   > > >
  > >
  > > All the websites on one of my hosts servers stopped working and my host
 > told
  > > me so
 >
 >
 > DoS attacks happen. If a server is online for any length of time, it WILL
 > happen. What's important is how your host handled it. Did they act
quickly
 > and get things re-routed, fixed ASAP?
 >
 > Even eBay, Microsoft, Yahoo and 2Checkout have all been victims of
noticable
 > DoS attacks. I know we've had our share over the years. All it takes is
 > for someone to get mad at either the host or a website on a server...and
the
 > potential for a DoS is inevitable. It is unfortunate that there are
people
 > in the world that get their kicks out of disrupting legitimate internet
 > traffic, but you shouldn't blame the victim if they were able to get you
 > back online quickly.
 >
 > --Tina
 >
 > --
 > <a style='text-decoration: underline;' href="http://www.AffordableHOST.com" target="_blank">http://www.AffordableHOST.com</a> - since 1997
 > Problems with your current host?
 > We honor up to 6 months of their contract.
 > See our site for complete details.
 >
 >
 >

Tina,

Your information was most helpful. Would another host want me as a customer
if I was bringing my attacked domain with me?

_____
Gaffer<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Dos Attack 

"Gaffer" <GafferNoSpam.TakeThisOut@ntlworld.com> wrote in message
news:tMn5c.299$a95.191@newsfe1-win...
 >
 > "Tina - AffordableHOST.com" <tina.TakeThisOut@affordablehost.com> wrote in message
 > news:105c0cpks87e5fd@corp.supernews.com...
  > > "Gaffer" <GafferNoSpam.TakeThisOut@ntlworld.com> wrote in message
  > > news:a5n5c.100$5G1.92@newsfe3-win.server.ntli.net...
   > > >
   > > > "Karim" <karim3411.TakeThisOut@yahoo.moc> wrote in message
   > > > news:113gv5o973bif.16pf0lvcdyj36$.dlg@40tude.net...
   > > > > On Mon, 15 Mar 2004 17:04:59 -0000, Gaffer wrote:
   > > > >
   > > > > > Hello,
   > > > > >
   > > > > > My website recently suffered a dos attack and I might need to
start
   > > > looking
   > > > > > for a new host. Would getting a host that offers firewall
protection
   > > > prevent
   > > > > > this from happening again? Other help and suggestions to deal with
  > > these
   > > > > > circumstances will also be most appreciated.
   > > > > >
   > > > >
   > > > > A firewall helps alot. How did you know you suffered a dos attack?
   > > > >
   > > > >
   > > > >
   > > >
   > > > All the websites on one of my hosts servers stopped working and my
host
  > > told
   > > > me so
  > >
  > >
  > > DoS attacks happen. If a server is online for any length of time, it
WILL
  > > happen. What's important is how your host handled it. Did they act
 > quickly
  > > and get things re-routed, fixed ASAP?
  > >
  > > Even eBay, Microsoft, Yahoo and 2Checkout have all been victims of
 > noticable
  > > DoS attacks. I know we've had our share over the years. All it takes
is
  > > for someone to get mad at either the host or a website on a server...and
 > the
  > > potential for a DoS is inevitable. It is unfortunate that there are
 > people
  > > in the world that get their kicks out of disrupting legitimate internet
  > > traffic, but you shouldn't blame the victim if they were able to get you
  > > back online quickly.
  > >
  > > --Tina
  > >
  > >
 >
 > Tina,
 >
 > Your information was most helpful. Would another host want me as a
customer
 > if I was bringing my attacked domain with me?


Was it your specific domain that was attacked? If so, probably not.

--Tina<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Dos Attack 

Gaffer wrote:
 > Hello,
 >
 > My website recently suffered a dos attack and I might need to start
 > looking for a new host.

What was the target? Your domain name? Another domain on the same server?
IP_address?

It makes a difference.


 > Would getting a host that offers firewall
 > protection prevent this from happening again?

Not if the target was your domain. btw: a firewall will can only block
traffic that it receives - it cannot prevent a DoS attack using up all the
bandwidth available on the upstream side. so it can provide some protection
to the server but not to your domain.

 > Other help and
 > suggestions to deal with these circumstances will also be most
 > appreciated.

Bolt down the hatches and ride it out.

--
William Tasso<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Dos Attack 

"Gaffer" <GafferNoSpam.DeleteThis@ntlworld.com> wrote in message
news:Rml5c.12$K03.11@newsfe1-win...
 > Hello,
 >
 > My website recently suffered a dos attack and I might need to start
looking
 > for a new host. Would getting a host that offers firewall protection
prevent
 > this from happening again? Other help and suggestions to deal with these
 > circumstances will also be most appreciated.
 >
Dont see how a firewall will stop a dos attack - might slow it down a bit.
A dos attack is simply normal traffic magnified. In other words more
requests comming in than can be handled bringing the server to a standstill.

This is likely to happen no matter where you are hosted - chances are, if
your current host has recovered, they may be ok for a long while now -
unless they are persistantly being attacked.

The solution is to limit the responses to requests so the server manages to
keep itself under the resource limits.


--
bildanet
MyLot.net - the home of the $10 reseller programme<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Dos Attack 

On Tue, 16 Mar 2004 09:05:20 +1300, Bill Logan wrote:

 > "Gaffer" <GafferNoSpam.RemoveThis@ntlworld.com> wrote in message
 > news:Rml5c.12$K03.11@newsfe1-win...
  >> Hello,
  >>
  >> My website recently suffered a dos attack and I might need to start
 > looking
  >> for a new host. Would getting a host that offers firewall protection
 > prevent
  >> this from happening again? Other help and suggestions to deal with these
  >> circumstances will also be most appreciated.
  >>
 > Dont see how a firewall will stop a dos attack - might slow it down a bit.
 > A dos attack is simply normal traffic magnified. In other words more
 > requests comming in than can be handled bringing the server to a standstill.
 >
 > This is likely to happen no matter where you are hosted - chances are, if
 > your current host has recovered, they may be ok for a long while now -
 > unless they are persistantly being attacked.
 >
 > The solution is to limit the responses to requests so the server manages to
 > keep itself under the resource limits.

You use the firewall to block the ip address that's causing the attack.
There should be only humans visiting your site and a human can't send tens
of requests/sec or bots from search engines and those are identifiable.
Other than those two categories, you can safely block ip address that are
sending too many requests.


--
Karim
<a style='text-decoration: underline;' href="http://www.cheapesthosting.com/webmastertoolbox" target="_blank">http://www.cheapesthosting.com/webmastertoolbox</a> - Free Resources for
Webmasters<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Dos Attack 

"Karim" <karim3411.DeleteThis@yahoo.moc> wrote in message
news:13mcs86gvepzk.97b9a3ak08r2.dlg@40tude.net...
 > On Tue, 16 Mar 2004 09:05:20 +1300, Bill Logan wrote:
 >
  > > "Gaffer" <GafferNoSpam.DeleteThis@ntlworld.com> wrote in message
  > > news:Rml5c.12$K03.11@newsfe1-win...
   > >> Hello,
   > >>
   > >> My website recently suffered a dos attack and I might need to start
  > > looking
   > >> for a new host. Would getting a host that offers firewall protection
  > > prevent
   > >> this from happening again? Other help and suggestions to deal with
these
   > >> circumstances will also be most appreciated.
   > >>
  > > Dont see how a firewall will stop a dos attack - might slow it down a
bit.
  > > A dos attack is simply normal traffic magnified. In other words more
  > > requests comming in than can be handled bringing the server to a
standstill.
  > >
  > > This is likely to happen no matter where you are hosted - chances are,
if
  > > your current host has recovered, they may be ok for a long while now -
  > > unless they are persistantly being attacked.
  > >
  > > The solution is to limit the responses to requests so the server manages
to
  > > keep itself under the resource limits.
 >
 > You use the firewall to block the ip address that's causing the attack.
1. There are easier, more effective ways to block IP addresses
2. What you sugest can only be done 'after' a dos attack!
Or do you know a way to discover the IP# of a dos attacker prior to
the attack?
3. Even if you knew the numbers you would need to block an awful lot - and
block a lot of potential 'visitors' as well given that a dos attack often
utilises multiple IP# usually belonging to lots of other innocent people.

 > There should be only humans visiting your site
Tell me how a human can visit a web site? Not even a browser can visit a web
site.

A browser 'requests' the server to return a page, (or whatever may be at a
particular url/path - then waits for the server to serve!


and a human can't send tens
 > of requests/sec or bots from search engines and those are identifiable.
 > Other than those two categories, you can safely block ip address that are
 > sending too many requests.
 >
As I said previously - the best way is to restrict the number of requests
within a given period. This can be done on a per IP basis or in general.
Either way it cuts down the overload on resources without denying your
'visitors' access.



--
bildanet
MyLot.net - the home of the $10 reseller programme<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Dos Attack 

Bill Logan wrote:
 > ...
 > know a way to discover the IP# of a dos attacker
 > prior to the attack?

crystal ball v2.1

 > ...
 > Tell me how a human can visit a web site?

neural uplink v1.3 (installed as standard with human brain v5.4)

 > Not even a browser can visit a web site.

not even with a bus pass?


--
William Tasso<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Dos Attack 

On Wed, 17 Mar 2004 08:26:34 +1300, Bill Logan wrote:

 > "Karim" <karim3411.RemoveThis@yahoo.moc> wrote in message
 > news:13mcs86gvepzk.97b9a3ak08r2.dlg@40tude.net...
  >> On Tue, 16 Mar 2004 09:05:20 +1300, Bill Logan wrote:
  >>
   >>> "Gaffer" <GafferNoSpam.RemoveThis@ntlworld.com> wrote in message
   >>> news:Rml5c.12$K03.11@newsfe1-win...
   >>>> Hello,
   >>>>
   >>>> My website recently suffered a dos attack and I might need to start
   >>> looking
   >>>> for a new host. Would getting a host that offers firewall protection
   >>> prevent
   >>>> this from happening again? Other help and suggestions to deal with
 > these
   >>>> circumstances will also be most appreciated.
   >>>>
   >>> Dont see how a firewall will stop a dos attack - might slow it down a
 > bit.
   >>> A dos attack is simply normal traffic magnified. In other words more
   >>> requests comming in than can be handled bringing the server to a
 > standstill.
   >>>
   >>> This is likely to happen no matter where you are hosted - chances are,
 > if
   >>> your current host has recovered, they may be ok for a long while now -
   >>> unless they are persistantly being attacked.
   >>>
   >>> The solution is to limit the responses to requests so the server manages
 > to
   >>> keep itself under the resource limits.
  >>
  >> You use the firewall to block the ip address that's causing the attack.
 > 1. There are easier, more effective ways to block IP addresses

Name a few.

 > 2. What you sugest can only be done 'after' a dos attack!
 > Or do you know a way to discover the IP# of a dos attacker prior to
 > the attack?

A good firewall detects the # of requests coming in a period of time from
the same ip address and dynamically blocks it. Some dns servers can do
this. It can happen the next second. It's not like it's a big delay that
everyone will notice it. You don't have to do it prior to the attack but
it's better if you can. The objective is not to have your servers down for
an extended period of time.


 > 3. Even if you knew the numbers you would need to block an awful lot - and
 > block a lot of potential 'visitors' as well given that a dos attack often
 > utilises multiple IP# usually belonging to lots of other innocent people.
 >

Then you block them all even if they are innocent. Your obejective is to
save your servers even if it inconveniences a fraction of users. Even
Verizon now blocks some of its customers if it detects that their computers
are zombies being using to launch attacks including sending out spam. When
requests stop coming in you unblock them then.

  >> There should be only humans visiting your site
 > Tell me how a human can visit a web site? Not even a browser can visit a web
 > site.

huh?

 >
 > A browser 'requests' the server to return a page, (or whatever may be at a
 > particular url/path - then waits for the server to serve!

ok.. we know this. What are you trying to say?

 >
 > and a human can't send tens
  >> of requests/sec or bots from search engines and those are identifiable.
  >> Other than those two categories, you can safely block ip address that are
  >> sending too many requests.
  >>
 > As I said previously - the best way is to restrict the number of requests
 > within a given period. This can be done on a per IP basis or in general.
 > Either way it cuts down the overload on resources without denying your
 > 'visitors' access.

Are you talking about throttling? This could slow down access for everyone.

A dos attack is usually too many requests coming from one or more ip
addresses. A quick and efficient solution is to block or deflect these
requests until they stop.

--
Karim
<a style='text-decoration: underline;' href="http://www.cheapesthosting.com/webmastertoolbox" target="_blank">http://www.cheapesthosting.com/webmastertoolbox</a> - Free Resources for
Webmasters<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Dos Attack