Ask the Expert

How to stop a DoS attack against a key server

I run a certain key server, and a former user in our organization is now conducting a denial-of-service against this particular asset. I managed to find out the source IP address. How can I effectively mitigate the denial-of-service( DoS) attack? Can I also report the incident to law enforcement?

    Requires Free Membership to View

In this particular case, since it is a limited denial-of-service (DoS) attack (i.e., single source), the quickest way to mitigation would be to enforce a shun or a drop on your edge appliance. This could take the form of an access control list (ACL) on your edge router or firewall, which is a relatively simple configuration change.

If you see persistent DoS attacks from multiple IP addresses, a more systemic solution might be required. A number of ISPs provide distributed denial-of-service (DDoS) mitigation in the cloud (Cisco Systems Inc. Guards or Arbor Networks TMS) as a service to their customers. These services can filter DDoS traffic quite a few hops beyond the enterprise network's border router, thereby protecting the network. Another option for how to stop a DoS attack might be to purchase a traffic anomaly detection appliance and deploy it in front of your border routers. In this case, mitigation will still work, but, as the appliance is much closer to the network, it could potentially be less effective. The reason for this is that bandwidth saturation, due to the DDoS attack, has propagated to the last hop where available bandwidth is limited. Addressing this at the ISP's cleaning centers avoids this limitation.

As to contacting law enforcement, organizations in the U.S. interested in an investigation of a DoS attack can contact their local FBI field office for guidance and information.

This was first published in July 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: