Anyone know of a good "filter" aka sniffer to prevent DOS attacks?

Discussion in 'Windows Desktop Systems' started by XeoNoX, Jun 2, 2002.

  1. XeoNoX

    XeoNoX OSNN Senior Addict

    Messages:
    271
    anyone know of a good "filter" or "sniffer" to prevent DOS attacks on a webserver using Win2k Server.
     
  2. Iceman

    Iceman Moderator

    Messages:
    2,695
    yes, but the problem is they are all expensive, real expensive. :(

    there are things you can do yourself, to help prevent it, but there is really no way to stop it cheaply.
     
  3. Pyr0

    Pyr0 Guest

    Sniffers only look at the packets being sent in and out. The only way it could prevent it is if the person performs a DoS and you grab their IP and ban it.
     
  4. XeoNoX

    XeoNoX OSNN Senior Addict

    Messages:
    271
    ICEMAN, can you name a few? The firewall is getting old and isnt doing much, i keep having to ban different ip's the person has a dynamic IP, i need like an analyzer or something to ban certain packets
     
  5. Pyr0

    Pyr0 Guest

    Do this ban number.number.*.*
     
  6. XeoNoX

    XeoNoX OSNN Senior Addict

    Messages:
    271
    that will work but then i will ban everyone on his ISP that uses his DHCP server, i might just have to do that though, but im almost sure they should be another way around it.
     
  7. Iceman

    Iceman Moderator

    Messages:
    2,695
    I'll try to find the one I read about. it was a while back.
     
  8. Iceman

    Iceman Moderator

    Messages:
    2,695
    Dang, I found the article I read and it's older than I thought, but maybe these companies have came up with something?

    Article

    I would do like Pryr0 said ban his DHCP server, and contact his ISP.

    sorry I know this doesn't help all that much :(
     
  9. XeoNoX

    XeoNoX OSNN Senior Addict

    Messages:
    271
    thanks for the info, i will read it later, i just banned the whole IP range temorarly.
     
  10. Pyr0

    Pyr0 Guest

    Alrite this is how it goes. Grab logs. BlackIce is a good logger(notice I didn't say firewall). Give me his IP =) I'm sure you know how to do a DNS lookup on the IP, e-mail the ISP it's abuse@isp.com most of the times. Give them a call of if you want. Or you could hand him over to the police for cyber crimes.
     
  11. XeoNoX

    XeoNoX OSNN Senior Addict

    Messages:
    271
    actually i dont want to get in toruble either, lets just the server isnt properly registered. :-( I will figure something out from here, i seem to have gotten some great info as well as advice. Thanks all.
     
  12. sickmailer

    sickmailer Guest