LAST_ACK The remote end has shut down, and the socket is closed, waiting for acknowledgement.
LISTEN Socket is waiting for an incoming connection.
CLOSING Both sides of the connection are shut down, but not all of your data has been sent.
UNKNOWN The state of the socket is unknown.
During a DOS attack, the foreign address is usually the same for each connection. In this case, it is
a simple matter of typing the foreign IP address into the search form at www.arin.net/whois/
so you can alert your ISP.
During a DDOS attack, the foreign address will likely be different for each connection. In this case,
it is impossible to track down all of the offenders because there will likely be thousands of them.
The best way to defend yourself is to contact your ISP and see if it can filter the traffic at its border
routers.
Protecting Against Intrusion Attacks
Crackers have a wide variety of tools and techniques to assist them in breaking into your computer.
Intrusion attacks focus on exploiting weaknesses in your security, so the crackers can take
more control of your system (and potentially do more damage) than they could from the outside.
Fortunately, there are many tools and techniques for combating intrusion attacks. This section discusses
the most common break-in methods and the tools available to protect your system.
Pages:
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503