Thursday, May 05, 2005
Mitigating a DOS attack
A few days ago, I wrote about what a DOS attack is. DOS attacks are usually targeted at ISPs or the websites of large corporations. Home users can be affected too: if their ISP is attacked, they might face connectivity issues. As a home user, you don't have many options. But if you are the sysadmin in charge of a large corporation's website, or you work for an ISP, you might be wondering what your options are.
So what can be done when a DOS attack occurs? Can it be stopped or its effect mitigated? Well, let's look at a few options:
- Configure your router to block all outbound packets whose source address doesn't match your network subnet (this mostly helps when your network or machines are being used to conduct an attack on someone else).
- You can use a combination of firewall and Intrusion Detection Software (IDS) to cut down on suspicious traffic.
- Restrict broadcast traffic.
- Rate limit your traffic. Rate limiting restricts the amount of bandwidth a specific type of traffic can consume at any given moment.
- Disallow broadcast ICMP packets through your router.
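The options above can be modelled as one per-packet decision at the network edge: an egress source check, a broadcast ICMP drop, and a token-bucket rate limit per traffic type. This is an added example, not code from the original post; the subnet 192.0.2.0/24, the per-type limits and the names `EdgePolicy`, `TokenBucket` and `run_sample` are assumptions chosen for illustration.

```python
import ipaddress

# Assumed values for illustration (not from the original post).
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
BROADCASTS = {LOCAL_NET.broadcast_address, ipaddress.ip_address("255.255.255.255")}
LIMITS = {"icmp": (1_000, 2_000), "udp": (50_000, 100_000)}  # (bytes/s, burst bytes)

class TokenBucket:
    def __init__(self, rate, burst):
        self.rate, self.burst, self.tokens, self.last = rate, burst, float(burst), 0.0

    def allow(self, now, size):
        # Refill for the elapsed time (capped at the burst size), then try to spend.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size > self.tokens:
            return False
        self.tokens -= size
        return True

class EdgePolicy:
    def __init__(self):
        self.buckets = {proto: TokenBucket(*lim) for proto, lim in LIMITS.items()}

    def decide(self, ts, direction, src, dst, proto, size):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if direction == "out" and src not in LOCAL_NET:
            return "drop:spoofed-source"   # egress filter: source is not ours
        if proto == "icmp" and dst in BROADCASTS:
            return "drop:broadcast-icmp"   # no ICMP to broadcast addresses
        bucket = self.buckets.get(proto)
        if bucket is not None and not bucket.allow(ts, size):
            return "drop:rate-limit"       # this traffic type is over its budget
        return "forward"

# Constructed sample traffic: (time s, direction, source, destination, type, bytes).
SAMPLE = [
    (0.0, "out", "192.0.2.10", "198.51.100.5", "tcp", 1500),
    (0.1, "out", "203.0.113.7", "198.51.100.5", "udp", 512),
    (0.2, "in", "198.51.100.9", "192.0.2.255", "icmp", 64),
    (0.3, "in", "198.51.100.9", "192.0.2.20", "icmp", 1500),
    (0.4, "in", "198.51.100.9", "192.0.2.20", "icmp", 1500),
    (2.0, "in", "198.51.100.9", "192.0.2.20", "icmp", 1500),
]

def run_sample():
    policy = EdgePolicy()
    return [policy.decide(*pkt) for pkt in SAMPLE]

if __name__ == "__main__":
    print(run_sample())
```

The fifth packet is dropped because the ICMP bucket has only refilled to about 600 bytes; by the sixth, enough time has passed for the bucket to reach its burst size again.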
Copyright Anand Jain 2004, 2005. All rights reserved.