[Dshield] How do you prepare for or fight against a DDOS?

Josh Tolley josh at raintreeinc.com
Tue Feb 17 05:48:17 GMT 2004


I can't help you much on question #1, aside from 1) keep an IDS or 
something going so you know when you're being DDoS'd, 2) talk to your 
ISP when the attack comes and ask them for help, and 3) don't tick off 
any influential skiddies (just kidding).

About question #2 re: hfnetchk and SUS, we're just on the tail end of a 
light discussion of that very subject. The jury so far seems to agree 
that hfnetchk is the way to go, unless you can accept (or are forced to 
accept) the limitations of SUS (Software update services), including 
among other things

- can only work with hotfixes (not service packs)
- requires IIS, significant disk space (in some configurations)

Microsoft's FAQ: 
http://www.microsoft.com/windowsserversystem/sus/susfaq.mspx

Josh Tolley

Tim Lamberth wrote:

> Hello list,
> 
> Actually I have two questions if you will allow me.
> 
> First how does one prepare for and/or fight a DDOS? Since this seems to be
> the evil of choice lately I was wondering what others (those more
> experienced than I) would do.
> 
> Also in keeping up with patches for MS products is there a utility or
> program better that hfnetchk? If so what are some of the general features?
> What about the SUS server from MS?
> 
> As always thanks for any comments,
> 
> Tim Lamberth
> 
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
> 





More information about the list mailing list