[ Close ]

Forgotten your password?
Custom Search
Computer/IT Projects
 Projects Q A, Guidance for your projects Projects Forum Computer/IT Projects
Message Icon Topic: solution for denial of service Post Reply Post New Topic
Found this useful? Give a +1   Add to Facebook: Add to Facebook
Free Project Downloads
CS / IT Project Downloads
.Net Project Downloads
JAVA Project Downloads
PHP Project Downloads
Networking Proj Downloads
Project Topics
Computer(CS/IT) Projects
Software Mini Project Topics
Android Project Topics
Networking Project Ideas
Dot Net Project Topics
Latest IEEE Projects List
IEEE JAVA Project Topics
Project Presentation Tips
How to choose Project Topic
Tips for Final Year Project
Steps for FYP, Mini Project
Preparing a Project Report
Problems faced in Projects
Get Free Software CS / IT Project Downloads:

Enter your email address:  

Author Message

Joined: 19-Apr-2012
Online Status: Offline
Posts: 0
Quote punam90singh Replybullet Topic: solution for denial of service
    Posted: 20-Apr-2012 at 12:00am
can u provide me any algorithm or mechanism to stop dos
attack due to network flooding

IP IP Logged

Joined: 21-Sep-2008
Online Status: Offline
Posts: 0
Quote Stranger Replybullet Posted: 30-Apr-2012 at 1:35pm
Came across this from CERT:

Denial-of-service attacks can result in significant loss of time and money for many organizations. We strongly encourage sites to consider the extent to which their organization could afford a significant service outage and to take steps commensurate with the risk.

We encourage you to consider the following options with respect to your needs:

*    Implement router filters of CA-96.21.tcp_syn_flooding. This will lessen your exposure to certain denial-of-service attacks. Additionally, it will aid in preventing users on your network from effectively launching certain denial-of-service attacks.
*    If they are available for your system, install patches to guard against TCP SYN flooding as described in CA-96.21.tcp_syn_flooding, referenced above. This will substantially reduce your exposure to these attacks but may not eliminate the risk entirely.
*    Disable any unused or unneeded network services. This can limit the ability of an intruder to take advantage of those services to execute a denial-of-service attack.
*    Enable quota systems on your operating system if they are available. For example, if your operating system supports disk quotas, enable them for all accounts, especially accounts that operate network services. In addition, if your operating system supports partitions or volumes (i.e., separately mounted file systems with independent attributes) consider partitioning your file system so as to separate critical functions from other activity.
*    Observe your system performance and establish baselines for ordinary activity. Use the baseline to gauge unusual levels of disk activity, CPU usage, or network traffic.
*    Routinely examine your physical security with respect to your current needs. Consider servers, routers, unattended terminals, network access points, wiring closets, environmental systems such as air and power, and other components of your system.
*    Use Tripwire or a similar tool to detect changes in configuration information or other files.
*    Invest in and maintain "hot spares" - machines that can be placed into service quickly in the event that a similar machine is disabled.
*    Invest in redundant and fault-tolerant network configurations.
*    Establish and maintain regular backup schedules and policies, particularly for important configuration information.
*    Establish and maintain appropriate password policies, especially access to highly privileged accounts such as UNIX root or Microsoft Windows NT Administrator.

IP IP Logged
Senior Member
Senior Member

Joined: 21-Sep-2008
Online Status: Offline
Posts: 0
Quote Avinash Replybullet Posted: 30-Apr-2012 at 1:42pm
These are suggested methods to prevent distributed denial of service attacks.

1. Use the ip verify unicast reverse-path interface command on the input interface on the router at the upstream end of the connection.

    This feature examines each packet received as input on that interface. If the source IP address does not have a route in the CEF tables that points back to the same interface on which the packet arrived, the router drops the packet.

    The effect of Unicast RPF is that it stops SMURF attacks (and other attacks that depend on source IP address spoofing) at the ISP's POP (lease and dial-up). This protects your network and customers, as well as the rest of the Internet. To use unicast RPF, enable "CEF switching" or "CEF distributed switching" in the router. There is no need to configure the input interface for CEF switching. As long as CEF is running on the router, individual interfaces can be configured with other switching modes. RPF is an input side function that enabled on an interface or sub-interface and operates on packets received by the router.

    It is very important for CEF to be turned on in the router. RPF does not work without CEF. Unicast RPF is not supported in any 11.2 or 11.3 images. Unicast RPF is included in 12.0 on platforms that support CEF, which includes the AS5800. Hence, unicast RFP can be configured on the PSTN/ISDN dial-up interfaces on the AS5800.

2. Filter all RFC-1918 leavingcisco.com address space using Access Control Lists (ACLs).

    Refer to this example:

        access-list 101 deny ip any
        access-list 101 deny ip any
        access-list 101 deny ip any
        access-list 101 permit ip any any

        interface xy
           ip access-group 101 in

    Another source of information about special use IPv4 address space that can be filtered is the (now expired) IETF draft 'Documenting Special Use IPv4 Address Blocks that have been registered with IANA leavingcisco.com.'

3. Apply ingress and egress filtering (see RFC-2267 leavingcisco.com) using ACLs.

    Refer to this example:

             { ISP Core } -- ISP Edge Router -- Customer Edge Router -- { Customer network }

    The ISP edge router should only accept traffic with source addresses belonging to the customer network. The customer network should only accept traffic with source addresses other than the customer network block. This is a sample ACL for an ISP edge router:

        access-list 190 permit ip {customer network} {customer network mask} any
        access-list 190 deny ip any any [log]

        interface {ingress interface} {interface #}
             ip access-group 190 in

    This is a sample ACL for a customer edge router:

        access-list 187 deny ip {customer network} {customer network mask} any
        access-list 187 permit ip any any

        access-list 188 permit ip {customer network} {customer network mask} any
        access-list 188 deny ip any any

        interface {egress interface} {interface #}
             ip access-group 187 in
             ip access-group 188 out

    If you are able to turn on Cisco Express Forwarding (CEF), the length on the ACLs can be substantially reduced and thus increase performance by enabling unicast reverse path forwarding. In order to support unicast reverse path forwarding, you only need to be able to enable CEF on the router as a whole; the interface on which the feature is enabled does not need to be a CEF switched interface.

4. Use CAR to rate limit ICMP packets.

    Refer to this example:

        interface xy
        rate-limit output access-group 2020 3000000 512000 786000 conform-action
        transmit exceed-action drop

        access-list 2020 permit icmp any any echo-reply

5. Configure rate limiting for SYN packets.

    Refer to this example:

        access-list 152 permit tcp any host eq www
        access-list 153 permit tcp any host eq www established

        interface {int}
             rate-limit output access-group 153 45000000 100000 100000
        conform-action transmit exceed-action drop
             rate-limit output access-group 152 1000000 100000 100000
        conform-action transmit exceed-action drop

    In the previous example, replace:

        45000000 with the maximum link bandwidth

        1000000 with a value that is between 50% and 30% of the SYN flood rate

        burst normal and burst max rates with accurate values

    Note that if you set the burst rate greater than 30%, many legitimate SYNs may be dropped. In order to get an idea of where to set the burst rate, use the show interfaces rate-limit command in order to display the conformed and exceeded rates for the interface. Your objective is to rate-limit the SYNs as little as necessary to get things working again.

    Warning: It is recommended that you first measure amount of SYN packets during normal state (before attacks occur) and use those values to limit. Review the numbers carefully before you deploy this measure.

    If an SYN attack is aimed against a particular host, consider installing an IP filtering package on that host.
IP IP Logged

Post Reply Post New Topic

Free Programming Courses in JAVA, .Net and PHP (Register Now!)

Java Free Online Course

.Net Free Online Course

PHP Free Online Course

Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum

This page was generated in 0.031 seconds.
© ProjectsQA.com   |   Privacy policy