When the ICMP packet arrives at the unwitting relay??™s network,
every host on that subnet replies to the ping! Furthermore, they reply to your computer
instead of to the actual sender. If the relay??™s network has hundreds of computers, your Internet
connection can be quickly flooded.
The best fix is to contact the organization being used as a relay and inform it of the abuse. Usually,
they need only to reconfigure their Internet router to stop any future attacks. If the organization is
uncooperative, you can minimize the effect of the attack by blocking the ICMP protocol on your
router. This will at least keep the traffic off your internal network. If you can convince your ISP to
block ICMP packets aimed at your network, it will help even more. (Note that there is some debate
about whether or not blocking ICMP packets is a good idea because ICMP services can be useful
for various administrative purposes.)
Protecting Against Distributed DOS Attacks
DDOS attacks are much harder to initiate and extremely difficult to stop. A DDOS attack begins
with the penetration of hundreds or even thousands of weakly secured machines. These machines
can then be directed to attack a single host based on the whims of the attacker.
With the advent of DSL and the cable modem, millions of people are enjoying Internet access with
virtually no speed restrictions.
Pages:
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496