Anyone know of a good "filter" aka sniffer to prevent DOS attacks?

[XeoNoX]

anyone know of a good "filter" or "sniffer" to prevent DOS attacks on a webserver using Win2k Server.

 

[Iceman]

yes, but the problem is they are all expensive, real expensive.

there are things you can do yourself, to help prevent it, but there is really no way to stop it cheaply.

 

[Pyr0]

Sniffers only look at the packets being sent in and out. The only way it could prevent it is if the person performs a DoS and you grab their IP and ban it.

 

[XeoNoX]

ICEMAN, can you name a few? The firewall is getting old and isnt doing much, i keep having to ban different ip's the person has a dynamic IP, i need like an analyzer or something to ban certain packets

 

[Pyr0]

Do this ban number.number.*.*

 

[XeoNoX]

that will work but then i will ban everyone on his ISP that uses his DHCP server, i might just have to do that though, but im almost sure they should be another way around it.

 

[Iceman]

I'll try to find the one I read about. it was a while back.

 

[Iceman]

Dang, I found the article I read and it's older than I thought, but maybe these companies have came up with something?

Article

I would do like Pryr0 said ban his DHCP server, and contact his ISP.

sorry I know this doesn't help all that much

 

[XeoNoX]

thanks for the info, i will read it later, i just banned the whole IP range temorarly.

 

[Pyr0]

Alrite this is how it goes. Grab logs. BlackIce is a good logger(notice I didn't say firewall). Give me his IP =) I'm sure you know how to do a DNS lookup on the IP, e-mail the ISP it's abuse@isp.com most of the times. Give them a call of if you want. Or you could hand him over to the police for cyber crimes.

 

[XeoNoX]

actually i dont want to get in toruble either, lets just the server isnt properly registered. :-( I will figure something out from here, i seem to have gotten some great info as well as advice. Thanks all.

 

[sickmailer]

My Firewall Block DDos When DDos Is Detected

Outpost Firewall