Q

How to stop a DoS attack against a key server

When a disgruntled former employee decides to wreak havoc on a network with a DoS attack, there are a few quick steps you can take to minimize the damage. Learn more in this expert response.

I run a certain key server, and a former user in our organization is now conducting a denial-of-service against this particular asset. I managed to find out the source IP address. How can I effectively mitigate the denial-of-service (DoS) attack? Can I also report the incident to law enforcement?

In this particular case, since it is a limited denial-of-service (DoS) attack (i.e., single source), the quickest way to mitigation would be to enforce a shun or a drop on your edge appliance. This could take the form of an access control list (ACL) on your edge router or firewall, which is a relatively simple configuration change.

If you see persistent DoS attacks from multiple IP addresses, a more systemic solution might be required. A number of ISPs provide distributed denial-of-service (DDoS) mitigation in the cloud (Cisco Systems Inc. Guards or Arbor Networks TMS) as a service to their customers. These services can filter DDoS traffic quite a few hops beyond the enterprise network's border router, thereby protecting the network. Another option for how to stop a DoS attack might be to purchase a traffic anomaly detection appliance and deploy it in front of your border routers. In this case, mitigation will still work, but, as the appliance is much closer to the network, it could potentially be less effective. The reason for this is that bandwidth saturation, due to the DDoS attack, has propagated to the last hop where available bandwidth is limited. Addressing this at the ISP's cleaning centers avoids this limitation.

As to contacting law enforcement, organizations in the U.S. interested in an investigation of a DoS attack can contact their local FBI field office for guidance and information.

This was first published in July 2010
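
The decision described in the answer above (one dominant source means an edge ACL is enough, many sources means upstream mitigation) can be checked against traffic data before the router is touched. The following sketch is an added example, not part of the original response; the 80% dominance threshold, the allowlist, the ACL name `BLOCK-DOS-SOURCE` and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample: source IPs of requests that hit the key server during the
# attack window (documentation address ranges, not real hosts).
SAMPLE_SOURCES = ["203.0.113.45"] * 940 + ["198.51.100.7"] * 35 + ["192.0.2.10"] * 25


def triage(sources, dominance=0.8, allowlist=()):
    """Return (verdict, top_ip, share) for a list of request source addresses.

    verdict is "single-source" when one address sends at least `dominance`
    (assumed threshold) of all requests, "review" when that address is on the
    allowlist (e.g. your own proxy or NAT gateway), otherwise "distributed".
    """
    # ip_address() raises ValueError on a malformed field, so garbage from a
    # log never ends up inside a firewall rule.
    counts = Counter(str(ipaddress.ip_address(s.strip())) for s in sources)
    if not counts:
        raise ValueError("no traffic samples supplied")
    top_ip, top_hits = counts.most_common(1)[0]
    share = top_hits / sum(counts.values())
    if share < dominance:
        return "distributed", None, share
    if top_ip in allowlist:
        return "review", top_ip, share
    return "single-source", top_ip, share


def ios_acl(ip, name="BLOCK-DOS-SOURCE"):
    """Render a Cisco IOS-style extended ACL that drops one IPv4 host."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch only renders IPv4 entries")
    return [
        f"ip access-list extended {name}",  # hypothetical ACL name
        f" deny ip host {addr} any",
        " permit ip any any",  # everything else keeps flowing
    ]


if __name__ == "__main__":
    verdict, ip, share = triage(SAMPLE_SOURCES)
    print(f"{verdict}: top source carries {share:.0%} of requests")
    if verdict == "single-source":
        print("\n".join(ios_acl(ip)))
    else:
        print("No single address to shun; consider ISP-side DDoS mitigation.")
```

The rendered ACL still has to be applied inbound on the edge interface, and it only helps while the flood is smaller than the link it arrives on.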
