Results 1 to 4 of 4

Thread: DOS attacks

  1. #1
    Senior Kitty Power! Wedo's Avatar
    10 Year Badge
    Join Date
    Oct 2001
    Location
    Lost Angeles

    DOS attacks

    Hey all,

    I have a good problem here at work. Our LAN is a 1.1MB ADSL (Covad line) using a Netopia Router, a SonicWall Pro firewall, a D-Link DSS24+ 'smart' switch, and W2K adv. server running DHCP, DNS, and NAT. The LAN is connected to our bosses home via a T-1 line via Cisco 1000 routers.

    So here's the problem: I have an end user on the other side of the T-1 who has three G4's and running his own subnet of DHCP addresses and he is getting hammered by DOS attacks.

    I have no idea how his G4's are being singled out, or how the packets are getting through our gateway router, the switch, the local Cisco, the T-1, the WAN Cisco, his Linksys router/switch.

    Anyone know how an attack can single out a particular set of machines through two subnets of DHCP? I'm assuming it's a MAC address thing, or maybe there are these packets cruising my network without my knowledge which would mean I'd need a quick, easy, and hopefully free program to test LAN traffic.

    Any help would be appreciated.

    Wedo
    ~ Folding for Sharon, Joy, Kathy, Cathy, Nancy, Peanut, and so many others ~[/size]

  2. #2
    Senior Kitty Power! Wedo's Avatar
    10 Year Badge
    Join Date
    Oct 2001
    Location
    Lost Angeles
    Um... bump Any ideas?

    Wedo
    ~ Folding for Sharon, Joy, Kathy, Cathy, Nancy, Peanut, and so many others ~[/size]

  3. #3
    Senior Member Kingslayer's Avatar
    Join Date
    Jun 2001
    Location
    Port Charlotte, Florida
    Is he really being DOS'd? Or are his own DHCP requests hammering his own bandwidth? Are the routes in the Cisco correct and proper?

    I don't think he is being dos'd. If that Cisco is setup right then either he's not subnetted right, or something on the inside is dos'ing him.

    What makes you think he is being dos'd? I mean do you have solid proof, or just a lack of connectivity being mistaken as a dos?
    "Some people live an entire lifetime and wonder if they have made a difference in the world. Marines don't have that problem" Ronald Reagan

    Proud member of the XDC

  4. #4
    Registered
    Join Date
    May 2002
    are the IPs public? or are you using one of the private ones:
    192.168.*.*
    10.*.*.*


    if you are using one of the private ones, then it's something inside that's doing it..
    -did i mention that G4s suck at networking? if anyone decides to fire up the 'chooser' then it'll flood the network...
    also check that you don't have any protocols installed that you don't need installed.

    if you are using public/external IPs, then anyone in the world can single them out.


    if you need to watch the network, fire up a console on the cisco router, go into enable mode, and debug all ***NOTE: HORRIBLE PERFORMANCE IMPACT!!!! ***, but you'll see everything that the router is doing... no debug all to turn it off

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •