
Are we sending DDOS?

Posted by James on May 23, 2007, 12:48 pm
We got an email from our ISP saying we are sending out a DDoS attack.
How would one go about tracing this?
All our outbound connections are going through an ISA 2000 server.

Any suggestions for a newb?



Posted by S. Pidgorny on May 24, 2007, 6:07 am
Monitor the external interface of ISA Server for a while to find out what's
outgoing. Use a NIDS (like Snort, which you can run on ISA) to alert on
potential probes from within your network.

Implement restrictive firewall rules and analyse Web requests originating
from your clients. Pay special attention to those issued when the user
wasn't there :)

Ask the ISP for additional information - that is, how they detected the
DDoS, and suggestions as to rectification of the situation. Offer full
cooperation in exchange for them doing some of the above tasks for you.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

> We got an email from our ISP saying we are sending out a DDoS attack.
> How would one go about tracing this?
> All our outbound connections are going through an ISA 2000 server.
>
> Any suggestions for a newb?
>
>
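
An added example, not part of the original thread: one way to act on the advice above to look at requests issued when the user wasn't there, by summarising a proxy or firewall log per internal client and destination. The log layout, field names, addresses and working-hours window are constructed assumptions; match the field names to the `#Fields:` line of your own log.

```python
from collections import Counter
from datetime import datetime

# Constructed sample in W3C extended log style. Field names and addresses are
# assumptions: match the names to the "#Fields:" line of your own log.
SAMPLE_LOG = """\
#Fields: date time c-ip r-ip r-port
2007-05-21 09:12:44 192.168.1.20 198.51.100.5 80
2007-05-21 14:03:10 192.168.1.20 198.51.100.5 80
2007-05-22 03:00:01 192.168.1.37 203.0.113.10 80
2007-05-22 03:00:01 192.168.1.37 203.0.113.10 80
2007-05-22 03:00:02 192.168.1.37 203.0.113.10 80
2007-05-22 03:00:02 192.168.1.37 203.0.113.10 80
2007-05-22 11:30:00 192.168.1.37 203.0.113.10 80
2007-05-22 03:00:03 192.168.1.37
"""

def parse(text):
    """Yield one dict per log record, keyed by the names in the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, parts))

def suspects(text, work_start=8, work_end=18, min_off=3):
    """Return (client, dest, port, hits, off_hours_hits), busiest off-hours first."""
    total, off = Counter(), Counter()
    for rec in parse(text):
        key = (rec["c-ip"], rec["r-ip"], rec["r-port"])
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        total[key] += 1
        if ts.weekday() >= 5 or not work_start <= ts.hour < work_end:
            off[key] += 1  # weekend, or outside the assumed working hours
    rows = [(c, d, p, total[(c, d, p)], n) for (c, d, p), n in off.items()
            if n >= min_off]
    return sorted(rows, key=lambda r: (r[4], r[3]), reverse=True)

if __name__ == "__main__":
    for row in suspects(SAMPLE_LOG):
        print("client %s -> %s:%s  hits=%d  off-hours=%d" % row)
```

A client that tops this list is the first machine to inspect; the thresholds are starting points to tune against your own traffic.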



