While the threat of DoS attacks can’t be eliminated, it can
be reduced through the following three methods:
- Anti-DoS features: Proper implementation and configuration of anti-DoS
  features available on routers and firewalls can help limit the effectiveness
  of an attack. These features could include limiting the number of half-open
  connections allowed at any given time or limiting the number of connections of
  certain types that can originate from a source address.
- Antispoofing features: Proper implementation and configuration of
  antispoofing features on routers and firewalls can help limit a hacker’s
  ability to mask their identity. RFC 2827 filtering should be configured at a
  minimum (see the upcoming section “IP Spoofing”).
- ISP traffic rate limiting: The ISP agrees to filtering limits on the amount of
  nonessential traffic that can cross the link(s) to the company at one time.
  The filtering might limit the volume of ICMP traffic into a network, because
  ICMP is used only for diagnostic purposes and is a common source of
  distributed denial of service (DDoS) attacks.
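
The half-open connection limits from the first item can be modelled as follows. This is an added example, not code from the original text or from any vendor; the class name, limits, timeout and sample traffic are assumptions constructed for illustration.

```python
# Added example: model of a firewall's half-open (embryonic) connection limits.
# Class name, limits and timeout are illustrative assumptions, not vendor defaults.
from collections import Counter

class HalfOpenLimiter:
    def __init__(self, max_total=4, max_per_source=2, timeout=30.0):
        self.max_total, self.max_per_source = max_total, max_per_source
        self.timeout = timeout
        self.pending = {}            # (src, sport, dport) -> time the SYN was seen
        self.per_source = Counter()  # src -> current half-open count

    def _forget(self, key):
        if self.pending.pop(key, None) is not None:
            self.per_source[key[0]] -= 1

    def on_syn(self, now, src, sport, dport):
        """Return 'accept', or the reason this SYN is dropped."""
        # Handshakes that never completed age out and free their slots.
        for key in [k for k, t in self.pending.items() if now - t >= self.timeout]:
            self._forget(key)
        key = (src, sport, dport)
        if key in self.pending:
            return "accept"          # retransmitted SYN, already counted once
        if self.per_source[src] >= self.max_per_source:
            return "drop-per-source"
        if len(self.pending) >= self.max_total:
            return "drop-total"
        self.pending[key] = now
        self.per_source[src] += 1
        return "accept"

    def on_ack(self, src, sport, dport):
        self._forget((src, sport, dport))  # handshake done: no longer half-open

def replay(events, **limits):
    """Replay (time, kind, src, sport, dport) events; return one verdict per SYN."""
    fw, verdicts = HalfOpenLimiter(**limits), []
    for now, kind, src, sport, dport in events:
        if kind == "syn":
            verdicts.append(fw.on_syn(now, src, sport, dport))
        else:
            fw.on_ack(src, sport, dport)
    return verdicts

# Constructed sample traffic using RFC 5737 documentation addresses.
A, B, C = "198.51.100.7", "203.0.113.5", "203.0.113.9"
SAMPLE = [(0.0, "syn", A, 40001, 443), (0.1, "syn", A, 40002, 443), (0.2, "syn", A, 40003, 443),
          (0.3, "syn", B, 50000, 443), (0.4, "ack", B, 50000, 443), (0.5, "syn", B, 50001, 443),
          (0.6, "syn", B, 50002, 443), (0.7, "syn", C, 60000, 443), (31.0, "syn", C, 60001, 443)]
```

The per-source cap is only meaningful when source addresses are genuine, which is why the antispoofing item accompanies it; when every SYN carries a different source, only the global cap applies.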