Notices

Overclockers Forums > Software > Internet, Networking, and Security
Internet, Networking, and Security Networking and Viruses/Malware trouble. Get the answers here.
Forum Jump

DOS attacks

Post Reply New Thread Subscribe Search this Thread
 
 
Thread Tools
Old 05-08-02, 11:27 AM Thread Starter   #1
Wedo
Senior Kitty Power!

 
Wedo's Avatar 

Join Date: Oct 2001
Location: Lost Angeles

 
DOS attacks


Hey all,

I have a good problem here at work. Our LAN is a 1.1MB ADSL (Covad line) using a Netopia Router, a SonicWall Pro firewall, a D-Link DSS24+ 'smart' switch, and W2K adv. server running DHCP, DNS, and NAT. The LAN is connected to our bosses home via a T-1 line via Cisco 1000 routers.

So here's the problem: I have an end user on the other side of the T-1 who has three G4's and running his own subnet of DHCP addresses and he is getting hammered by DOS attacks.

I have no idea how his G4's are being singled out, or how the packets are getting through our gateway router, the switch, the local Cisco, the T-1, the WAN Cisco, his Linksys router/switch.

Anyone know how an attack can single out a particular set of machines through two subnets of DHCP? I'm assuming it's a MAC address thing, or maybe there are these packets cruising my network without my knowledge which would mean I'd need a quick, easy, and hopefully free program to test LAN traffic.

Any help would be appreciated.

Wedo

__________________
~ Folding for Sharon, Joy, Kathy, Cathy, Nancy, Peanut, and so many others ~[/size]
Wedo is offline   QUOTE Thanks
Old 05-08-02, 05:17 PM Thread Starter   #2
Wedo
Senior Kitty Power!

 
Wedo's Avatar 

Join Date: Oct 2001
Location: Lost Angeles

 
Um... bump Any ideas?

Wedo

__________________
~ Folding for Sharon, Joy, Kathy, Cathy, Nancy, Peanut, and so many others ~[/size]
Wedo is offline   QUOTE Thanks
Old 05-08-02, 06:41 PM   #3
Kingslayer
Senior Member

 
Kingslayer's Avatar 

Join Date: Jun 2001
Location: Port Charlotte, Florida

 
Is he really being DOS'd? Or are his own DHCP requests hammering his own bandwidth? Are the routes in the Cisco correct and proper?

I don't think he is being dos'd. If that Cisco is setup right then either he's not subnetted right, or something on the inside is dos'ing him.

What makes you think he is being dos'd? I mean do you have solid proof, or just a lack of connectivity being mistaken as a dos?

__________________
"Some people live an entire lifetime and wonder if they have made a difference in the world. Marines don't have that problem" Ronald Reagan

Proud member of the XDC
Kingslayer is offline   QUOTE Thanks
Old 05-14-02, 12:59 AM   #4
suroot
Registered



Join Date: May 2002

 
are the IPs public? or are you using one of the private ones:
192.168.*.*
10.*.*.*


if you are using one of the private ones, then it's something inside that's doing it..
-did i mention that G4s suck at networking? if anyone decides to fire up the 'chooser' then it'll flood the network...
also check that you don't have any protocols installed that you don't need installed.

if you are using public/external IPs, then anyone in the world can single them out.


if you need to watch the network, fire up a console on the cisco router, go into enable mode, and debug all ***NOTE: HORRIBLE PERFORMANCE IMPACT!!!! ***, but you'll see everything that the router is doing... no debug all to turn it off
suroot is offline   QUOTE Thanks

Post Reply New Thread Subscribe


Overclockers Forums > Software > Internet, Networking, and Security
Internet, Networking, and Security Networking and Viruses/Malware trouble. Get the answers here.
Forum Jump

Thread Tools Search this Thread
Search this Thread:

Advanced Search


Mobile Skin
All times are GMT -5. The time now is 11:34 AM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
You can add these icons by updating your profile information to include your Heatware ID, Benching Profile ID or your Folding/SETI profile ID. Edit your profile!
X

Welcome to Overclockers.com

Create your username to jump into the discussion!

New members like you have made this the best community on the Internet since 1998!


(4 digit year)

Why Join Us?

  • Share experience
  • Max out your hardware
  • Best forum members anywhere
  • Customized forum experience

Already a member?