Detecting a DOS attack



#1
Baggyboy

  • Member
  • 106 posts
Are there tools available which would enable me to discover if a DOS attack or similar was being carried out against my home PC?

I have no particular reason to suspect that this is truly the case as the problem is very intermittent. (occasional complete loss of internet connection... for no readily discernible reason)

I have all the prerequisite AV, Firewall, Anti-Spyware, etc. tools and like to keep a tight rein on my security... as far as I am able to anyway.

Anyway, can anyone tell me if IDS/IPS software like Snort or Prevx would be able to tell me what I want to know? Would there be clues to such an attack in my router firewall log or even my software firewall logs if I set them up properly (Sygate PF)?

Does anyone have any suggestions for diagnosing a complete net black-out, whether DOS related or not? If not an attack then what might be some likely places to check for faults? Is it more likely to be a temporary fault at the ISP's side of things? Or even a wiring fault at home?!

I have tried all that I can think of but alas, although I have used a variety of specialist tools and settings with some degree of success in relation to this type of thing, I lack the knowledge to delve deeper or to really understand what I'm looking at.

If anyone can recommend some further reading I would be obliged.

For example, I find firewall logs fascinating but merely sit and look sagely upon the confusion, occasionally picking out discernible bits of information. How do people make sense of all this? How can I filter it into something useful? Are there settings I can enable in the firewall? Or software I can use to analyse the logs? Are there logs on my actual cable modem itself? Can I access them in a similar fashion to my router setup? Would that be against the T&Cs of my ISP?

Any and all advice welcome, I seek to learn.

[note] Thanks to Efwis for pointing out a major blunder in this post. Major editing ensued! Cheers for the heads up dude :tazz: [/note]

Edited by Baggyboy, 29 August 2005 - 05:45 PM.

  • 0



#2
Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
That is asking for trouble; here is the reason why.


1st, you don't know what someone that sees this thread is capable of doing,

2nd, you won't be able to verify if anything is happening,

3rd, you run a risk of owning a zombie computer,

4th, it could cause your ISP to drop you like yesterday's news.

So these are some things to seriously consider before asking a question like that.
  • 0

#3
Baggyboy

  • Topic Starter
  • Member
  • 106 posts
OK, my bad :tazz: I just wondered if I could either avoid or spot something like that happening to me in the future.

I am slightly confused as to some of your reasons though. I do not wish to interfere with anything outwith my own home. I wasn't planning on doing any invasive scanning of my own :)

Please feel free to delete this post if you feel it is in my best interests. But if you could elaborate a little on your reply, I feel it would be very enlightening for me.

I am concerned about my online security and would like to know that I have strong defences. I was kinda hoping you would point me in the direction of IDS software or something... Maybe talk about a dedicated hardware firewall for complete peace of mind. I have looked at options like that before and would like to hear the views of some Geeks to Go users. Perhaps a new post is in order though!
  • 0

#4
Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
I will leave this post open, in hopes you get your answers. I would recommend editing your original post as it is currently put.

We are a tech site; however, we don't want anyone doing anything that could potentially cause harm to someone else's computer. Plus, for security reasons it would not be a good idea to give someone your IP address. That is your main line of defense.

Hope this helps.
  • 0

#5
Baggyboy

  • Topic Starter
  • Member
  • 106 posts
Ahh OK. I see what you mean.... I didn't realise that my first post could actually seem like a request for someone to launch a DOS attack on my PC!!! :) What can I say... except that I'm off to edit that 1st post!

Cheers Efwis

And don't worry. I would never divulge my IP address to all and sundry, or even pretty much anyone who asked. I've got enough net sense to know that much at least.

It seems that it's more that a lack of common sense prevails!! :tazz:
  • 0

#6
Scooped

  • Member
  • 86 posts
Well if you aren't forwarding any services through your router, then I don't think you have anything to worry about.

The more likely cause would be someone in your house is downloading large files, whether that be via p2p or anything else.

Also, I've noticed my connection speeds vary sometimes, which means my ISP is having a lot of traffic, or something. Unless your speed has REALLY dropped then this could be another cause.

And if you're asking this for malicious purposes, [bleep] off...
  • 0

#7
Baggyboy

  • Topic Starter
  • Member
  • 106 posts
Hmm, I may have either Yahoo or MSN Messenger services being forwarded through the router... will go check that shortly.

I'm actually secretly convinced that it's been something to do with her IM games that she plays all the time :)

And I'm not just talking about a sharp decrease in speed, I'm talking about complete severance from the net. I've tried all the ipconfig, ping, traceroute jiggery pokery that I can think of and have found from my various ramblings through tech forums and the like when this happens. The only way to solve it is by unplugging the modem for a minute or two and then powering it back up, and thus needing to do likewise with the router.

Normally this isn't too much of an inconvenience; however, last night it happened again, except that this time we were offline for quite a few hours. I'm not sure exactly how long as I went to bed before it was back.

That was what prompted this post. I thought GeeksToGo would be a great place to ask. I'm currently a Geek In Training here, as you can probably tell from my user tag, but I look forward to making a valid contribution to this forum and helping fight the scourge of malware!

Mine is a crime of curiosity, not malevolency.

:tazz: I hope that doesn't sound too 'Hacker Manifesto'!

Edited by Baggyboy, 29 August 2005 - 06:02 PM.

  • 0

#8
Scooped

  • Member
  • 86 posts
Lol, ok no problem.

You seem bright enough to know it's not something like your kid downloading music, so it seems like this might be more of a hardware issue. Have you tried just directly plugging in your cable modem to one of your computers?

Every blue moon my router will act up, which is solved by resetting it, and loading my configuration file. Try that too.

BTW I meant listening services being forwarded. Yahoo and MSN Messenger are legit :tazz:
  • 0

#9
Baggyboy

  • Topic Starter
  • Member
  • 106 posts
OK, the next time it happens, I'll try just resetting my router instead. Although the problem did happen before I had a home network. I've just always put it down to Out-Of-My-Control. Now I want to know more!

Does anyone out there use any IDS/IPS systems at home? Or am I trying to play with the big boys who wear corporate sys tech pyjamas? Am I out of my league?

Edited by Baggyboy, 30 August 2005 - 11:42 AM.

  • 0

#10
Guest_Tony_*

  • Guest
If you are that worried about your internet security, I suggest installing a firewall.
  • 0



#11
Baggyboy

  • Topic Starter
  • Member
  • 106 posts
I do have both software and hardware firewalls running. Sygate Personal Firewall for software and the NAT Firewall on my router. Is there possibly a way to configure my logging options (probably for Sygate as my h/w firewall is pretty nash) to enable me to analyse the traffic I received just prior to a complete net outage to check for any suspect connections or massive amounts of a particular type of connection?

Although I am asking for help on this matter, I do like to think I'm pretty PC literate. I have studied computing science and have at least 10-15 years' experience of messing around with my machine, breaking it... and then learning how to fix it!

So perhaps help isn't really what I'm really looking for. More like some suggested further reading on this topic. Intrusion detection is something that interests me greatly. And what better way to learn than by analysing my own security logs?! Well, aside from actually signing up for a course in IT Security that is!

Edited by Baggyboy, 30 August 2005 - 11:43 AM.

  • 0
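
Added example, not part of any poster's reply: one way to do the check asked about in post #11, comparing the traffic logged just before an outage with the period before that. The log layout, addresses, outage time and thresholds are constructed for illustration and are not Sygate's real log format.

```python
from collections import Counter
from datetime import datetime, timedelta

OUTAGE_AT = datetime(2005, 8, 29, 22, 0, 0)  # constructed: when the connection dropped

def build_sample():
    """Constructed log lines. The layout (date time action proto src dport) is an
    assumption for this example, not Sygate's real export format."""
    t0 = OUTAGE_AT - timedelta(minutes=10)
    lines = []
    for i in range(20):  # steady background: one packet every 30 s for 10 minutes
        ts = t0 + timedelta(seconds=30 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} ALLOW TCP 192.0.2.10 80")
    for i in range(40):  # burst: 40 packets in the final 80 s before the outage
        ts = t0 + timedelta(seconds=520 + 2 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} BLOCK UDP 198.51.100.7 137")
    return "\n".join(lines)

def parse(line):
    """Split one constructed log line into (timestamp, action, proto, src, dport)."""
    date, clock, action, proto, src, dport = line.split()
    ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    return ts, action, proto, src, int(dport)

def pre_outage_report(log_text, outage_at, window_min=5, factor=5, min_hits=10):
    """Count packets per (source, protocol, port) in the window just before the
    outage and in the equal-length window before that; return the keys whose
    count is at least min_hits and at least factor times their baseline."""
    window = timedelta(minutes=window_min)
    recent, baseline = Counter(), Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _action, proto, src, dport = parse(line)
        key = (src, proto, dport)
        if outage_at - window <= ts < outage_at:
            recent[key] += 1
        elif outage_at - 2 * window <= ts < outage_at - window:
            baseline[key] += 1
    return [(key, n, baseline[key]) for key, n in recent.most_common()
            if n >= min_hits and n >= factor * max(baseline[key], 1)]

if __name__ == "__main__":
    for (src, proto, dport), n, base in pre_outage_report(build_sample(), OUTAGE_AT):
        print(f"{src} {proto}/{dport}: {n} packets before outage, {base} in baseline")
```

Behind a NAT router, a host firewall only logs what the router passes on to the PC, so the same comparison run over the router's own log is the one that would show an inbound flood.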

#12
Guest_Tony_*

  • Guest
Norton has some Intrusion detection things.

But overall, I think that the best firewall is ZoneAlarm; so far no one has been able to get into my computer, and that is also 'cause I have my security settings on high.
  • 0

#13
cleverboy12

  • Member
  • 687 posts

> Norton has some Intrusion detection things.
>
> But overall, I think that the best firewall is ZoneAlarm; so far no one has been able to get into my computer, and that is also 'cause I have my security settings on high.

I have tried ZoneAlarm before but you get too many messages that you can't do what you wanted to do on the computer.

I use Sygate. I'm not sure if anyone has gotten into my system yet, but the internet doesn't work at very strange times: one second it's working and another it's not, and I'm on broadband. :tazz:
  • 0

#14
Guest_Tony_*

  • Guest

> I have tried ZoneAlarm before but you get too many messages that you can't do what you wanted to do on the computer.
>
> I use Sygate. I'm not sure if anyone has gotten into my system yet, but the internet doesn't work at very strange times: one second it's working and another it's not, and I'm on broadband. :tazz:

Yes, I agree with that, but are you checking the box in ZoneAlarm, 'Remember this answer'?
  • 0

#15
RockyIV

  • Banned
  • 710 posts

> I have tried ZoneAlarm before but you get too many messages that you can't do what you wanted to do on the computer.
>
> I use Sygate. I'm not sure if anyone has gotten into my system yet, but the internet doesn't work at very strange times: one second it's working and another it's not, and I'm on broadband. :tazz:

The best way of saying this is: 'ZoneAlarm is being over-protective!'
RockyIV
  • 0





