Problem solve Get help with specific problems with your technologies, process and projects.

How to stop a DoS attack against a key server

When a disgruntled former employee decides to wreak havoc on a network with a DoS attack, there are a few quick steps you can take to minimize the damage. Learn more in this expert response.

I run a certain key server, and a former user in our organization is now conducting a denial-of-service against this particular asset. I managed to find out the source IP address. How can I effectively mitigate the denial-of-service( DoS) attack? Can I also report the incident to law enforcement?
In this particular case, since it is a limited denial-of-service (DoS) attack (i.e., single source), the quickest way to mitigation would be to enforce a shun or a drop on your edge appliance. This could take the form of an access control list (ACL) on your edge router or firewall, which is a relatively simple configuration change.

If you see persistent DoS attacks from multiple IP addresses, a more systemic solution might be required. A number...

of ISPs provide distributed denial-of-service (DDoS) mitigation in the cloud (Cisco Systems Inc. Guards or Arbor Networks TMS) as a service to their customers. These services can filter DDoS traffic quite a few hops beyond the enterprise network's border router, thereby protecting the network. Another option for how to stop a DoS attack might be to purchase a traffic anomaly detection appliance and deploy it in front of your border routers. In this case, mitigation will still work, but, as the appliance is much closer to the network, it could potentially be less effective. The reason for this is that bandwidth saturation, due to the DDoS attack, has propagated to the last hop where available bandwidth is limited. Addressing this at the ISP's cleaning centers avoids this limitation.

As to contacting law enforcement, organizations in the U.S. interested in an investigation of a DoS attack can contact their local FBI field office for guidance and information.

This was last published in July 2010

Dig Deeper on DDoS attack detection and prevention

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.