There is no guaranteed way to prevent all DoS attacks, just as there is no sure way to prevent any hacking attack. However, there are steps you can take to minimize the danger. Some methodologies, such as SYN cookies and RST cookies, have already been mentioned. In this section, a few of the steps you can take to make your system less susceptible to a DoS attack will be examined.
One of the first things for you to consider is how these attacks are perpetrated. They may be executed via ICMP packets, which are used to send error messages on the Internet and are sent by the ping and traceroute utilities. You must have a firewall, and you must configure it to block ICMP packets coming from outside the network. Since DoS/DDoS attacks can be executed via a wide variety of protocols, you can also configure your firewall to disallow any incoming traffic at all, regardless of the protocol or port it arrives on. This step may seem radical, but it is certainly a secure one.
It is also possible to detect some threats from certain DoS tools, such as TFN2K, by using information tools like NetStat. Many of these tools can be configured to look for the SYN_RECEIVED state, which could indicate a SYN flood attack.
FYI: Blocking ICMP Packets

There are very few legitimate reasons (and, some would argue, no good reasons) for an ICMP packet from outside your network to enter your network. Thus, blocking such packets is very often used as one part of the strategy to defend against DoS attacks.
If your network is large enough to have internal routers, then you can configure those routers to disallow any traffic that does not originate within your network. In that way, should packets make it past your firewall, they will not be propagated throughout the network. You should also consider disabling directed IP broadcast packets to all machines on the network, thus stopping many DoS attacks. Additionally, you can install a filter on the router to verify that external packets actually have external IP addresses and that internal packets have internal IP addresses.
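As an added illustration (not part of the original text), the following Python script applies two of the checks described above: it counts half-open connections in NetStat output to flag a possible SYN flood, and it applies the router filter rule that a packet arriving from outside must not carry an internal source address. The sample netstat lines, the 192.0.2.0/24 internal range and the thresholds are constructed for this example.

```python
from collections import Counter
import ipaddress

# Constructed sample of `netstat -ant` output (Linux layout); not a real capture.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40001       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40002       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40003       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40004       SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.8:55000      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40005       SYN_RECV
"""

# Address blocks assumed to be inside our network (an assumption for this example).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

def half_open_by_source(netstat_text):
    """Count half-open TCP connections per remote IP.
    Linux netstat labels the state SYN_RECV, Windows SYN_RECEIVED; in both
    layouts the state is the last column and the foreign address the one
    before it, so the columns are read from the right."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].lower() not in ("tcp", "tcp6"):
            continue
        foreign, state = fields[-2], fields[-1]
        if state in ("SYN_RECV", "SYN_RECEIVED"):
            counts[foreign.rsplit(":", 1)[0]] += 1
    return counts

def suspect_syn_flood(netstat_text, total_threshold=5, per_source_threshold=3):
    """Return (flagged, total half-open, sources at or above the per-source threshold).
    Thresholds are illustrative; tune them to the host's normal backlog."""
    counts = half_open_by_source(netstat_text)
    total = sum(counts.values())
    noisy = sorted(ip for ip, n in counts.items() if n >= per_source_threshold)
    return total >= total_threshold, total, noisy

def spoofed_on_external_interface(src_ip):
    """Router filter rule: a packet arriving from outside must not claim an internal source."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in INTERNAL_NETS)

if __name__ == "__main__":
    flagged, total, noisy = suspect_syn_flood(SAMPLE_NETSTAT)
    print(f"possible SYN flood: {flagged} ({total} half-open), noisy sources: {noisy}")
```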
Because many distributed DoS attacks depend on "unwitting" computers being used as launch points, one way to reduce such attacks is to protect your computer against virus attacks and Trojan horses. It is important that you remember the following three things:

- Always use virus-scanning software and keep it updated.
- Always keep operating system and software patches updated.
- Have an organizational policy stating that employees cannot download anything onto their machines unless the download has been cleared by the IT staff.
As previously
stated, none of these steps will make your network totally secure from either
being the victim of a DoS attack or being the launch point for one, but they
will help reduce the chances of either occurring. A good resource for this
topic is the SANS Institute Web site, at www.sans.org/dosstep/.