











velometer dos attack
|
kpsalami
Junior Member
Registered: Jul 2001 Location: Country: United States State: CA Certifications: MCSE, CCNA, CNE, CCDA, CCDP, CCNP, CCNP+ Working on:
Total Posts: 24
|
|
velometer dos attack
I may be answering my own question here but
need some reinforcement….
Q. We are proactively stress testing our new web site at work and use a
trialware app called Velometer to simulate database queries and user
sessions. It occurred to me that if someone wanted to bring down the site,
(and there are million dollar companies we’re putting out of business if the
site succeeds), all they may need to do is run Velometer, and simulate
3000 SQL queries to if not kill SQL, at least chew up our bandwidth.
So, to tie this into Cisco, what is the best defense???
I was thinking how do I limit bandwidth on a source address??
Do I use the IDS ?
OR,…..is that what that, “embryonic” PIX command is for???
The PIX would see the TCP sessions climb to an alarming rate, in an
alarming time span, and close the sessions to a configurable amount??
Believe it or not, this is a question!!
Help..
Kip Palmer
01-18-02 04:09 AM
|
|
MadChef
A Huge Fake
Registered: Sep 2000 Location: Country: USA State: Certifications: Working on: A Sex Farm
Total Posts: 1426
|
|
This is a good example of what TCP intercept on most firewalls would be good for. Unless you're completing the 3 way handshake (which would be dumb if you're a cracker since it would identify you; you would instead use forged source addresses) the firewall would either start dropping the half open connections in active mode or start sending FINs to the target if it was in passive mode.
Without doing this on a distributed basis, it would be very difficult to simply chew up a target's bandwidth. After all, how many people have an OC-3 set aside for mischievous uses?
MadChef
01-18-02 10:30 AM
|
|
chodan
Senior Member M

Registered: Mar 2000 Location: Kentucky Country: United States State: Certifications: CCNA/CCNP CCDA /CCDP MCSE NT4/Win2000 MCP+I Network+ Security+ Working on: CCIE Routing & Switching
Total Posts: 1582
|
|
Intercepting such attacks "if distributed" on the PIX wouldn't keep your bandwidth from getting hosed if for instance it is fairly limited.
If you have a good relationship with your ISP you could have them block that for you but I wouldn't recommend it until after an attack.
Does this sound reasonable?
__________________
Check out my music at
www.chodan.com
Rural Development in Eastern Ky.
www.centertech.com
"It is our decisions that show us what we truly are in life, not our abilities."
01-31-02 12:44 AM
|
|
kpsalami
Junior Member
Registered: Jul 2001 Location: Country: United States State: CA Certifications: MCSE, CCNA, CNE, CCDA, CCDP, CCNP, CCNP+ Working on:
Total Posts: 24
|
|
solution?
Bandwidth is 5mg ATM.
So, what's actually going to catch and block it on the PIX? Floodguard? Embryonic sessions? Help..
Thanks
02-01-02 07:54 AM
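Added example (not part of any post in this thread, and not PIX or vendor code): a simplified Python model of the embryonic (half-open) connection limit raised in the question and the half-open handling described in the TCP intercept reply. The limit, timeout, function name and sample events are constructed assumptions; the model only counts handshakes and says nothing about link bandwidth.

```python
EM_LIMIT = 3        # assumed cap on half-open connections to the protected server
EM_TIMEOUT = 5.0    # assumed seconds before a half-open entry is aged out

# Constructed sample events: (time, source address, source port, TCP flag).
# 192.0.2.x and 198.51.100.x are documentation-only address ranges.
EVENTS = [
    (0.0, "198.51.100.7", 40001, "SYN"),
    (0.1, "198.51.100.7", 40001, "ACK"),   # handshake completed
    (1.0, "192.0.2.1", 1111, "SYN"),       # the next three never complete
    (1.1, "192.0.2.2", 2222, "SYN"),
    (1.2, "192.0.2.3", 3333, "SYN"),
    (1.3, "192.0.2.4", 4444, "SYN"),       # arrives with the limit reached
    (1.4, "198.51.100.7", 40002, "SYN"),   # real client, refused as well
    (7.0, "198.51.100.8", 50000, "SYN"),   # stale entries have aged out
    (7.1, "198.51.100.8", 50000, "ACK"),
]

def track(events, em_limit=EM_LIMIT, em_timeout=EM_TIMEOUT):
    """Return (established, refused) connection keys for an event stream."""
    embryonic = {}                 # (src, sport) -> time the SYN was seen
    established, refused = [], []
    for t, src, sport, flag in events:
        # Age out half-open entries that never finished the handshake.
        for key in [k for k, seen in embryonic.items() if t - seen >= em_timeout]:
            del embryonic[key]
        key = (src, sport)
        if flag == "SYN":
            if len(embryonic) >= em_limit:
                refused.append(key)        # limit reached: SYN is not passed on
            else:
                embryonic[key] = t
        elif flag == "ACK" and key in embryonic:
            del embryonic[key]             # no longer embryonic
            established.append(key)
    return established, refused

if __name__ == "__main__":
    ok, dropped = track(EVENTS)
    print("established:", ok)
    print("refused:", dropped)
```

In this model a bare limit also refuses the legitimate client that arrives while the half-open slots are full, until the stale entries age out.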