[Dshield] How do you prepare for or fight against a DDOS?

John Holmblad jholmblad at aol.com
Tue Feb 17 00:14:13 GMT 2004


Tim,

Microsoft has recently updated the Microsoft Baseline Security Analyzer 
(MBSA)  which incorporates the hfnetcheck tool  from Shavlik  The MBSA 
tool is a free download and it has been recently updated to version 1.2:

    
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/mbsahome.asp

An earlier post on this list today by  Paul Marsh on this subject is 
provided here:

    *    

Sorry about that, the caffeine had not set in yet.
 The problem with SUS is exactly that the limitations stated my MS.
 Back when I was testing it you could not push SP's, only hot fixes.  
 I don't know if they have fixed this limitation or not? Why go halfway
and need
 another tool when you could go all the way with one tool HFNetChk.
 SUS was designed and created by Shavlik for MS, MS just chooses to use
 a watered down version.  Don't get me wrong, it's a good tool but it
still
 has a way too go. I just don't feel comfortable waiting.
 SMS is a good product but very cumbersome and pricy.

Again IMO

Thanx, Paul


Here is some helpful advice directly from Microsoft on the subject of 
DDOS attacks:

    
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bestprac/ddosatku.asp

    
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bestprac/dosatack.asp



If you are running IIS 4.X - 5.X you should also run the IIS lockdown  
wizard which also incorporates a tool called urlscan (actually urlscan 
is a .dll),  which implements an ISAPI filter on the url's of incoming 
requests to IIS against a configurable filter list.  On the Windows 
Server 2003 family which ships with IIS 6.0, the IIS lockdown wizard is 
built in. Here is the URL to  a Microsoft KB article on the IIS lockdown 
wizard:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;325864

and here is the URL to a Microsoft KB article on  urlscan:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;307608#appliesto

-- 

Best Regards,

 

John Holmblad

 

Televerage International

 

(H) 703 620 0672

(M) 703 407 2278

(F) 703 620 5388

 

www page:                      www.vtext.com/users/jholmblad

primary email address: jholmblad at aol.com

backup email address:  jholmblad at verizon.net

 

text email address:         jholmblad at vtext.com




More information about the list mailing list