TechSpot

I'm hit! Need Assistance!

By eddy05
Apr 26, 2003
Post New Reply
  1. My web server is recently being attacked by DoS attacks, and I can trace the IP to one particular IP. Is there any software that can help me filter ALL packets to and fro a particular IP?
     
  2. Rick

    Rick TechSpot Staff Posts: 4,573   +65

    If you are running a Windows server, you can block access to certain IPs using the "hosts" file in Windows XP and Windows 2000.

    You can find this file in C:\Windows\System32 , or C:\Windows\System32\Drivers\Etc or C:\Windows depending on what OS you are running.

    "hosts" is a text file, with no extension. Open it up in notepad (may be necessary to disable hidden files and hidden system files) and at the bottom, you can add the line "127.0.0.1 IP_YOU_NEED_TO_BLOCK"

    127.0.0.1 is your local IP.

    I am not sure how much this helps against DoS attacks, but it should deny network traffic from the other IP.
     
  3. eddy05

    eddy05 TS Rookie Topic Starter Posts: 152

    thanks, Rick~!

    *Relieved*

    Yeah I thought the host file's only purpose is to map a string to an ip, but i didn't know that it can block traffic (Actually I did it before, I screwed one of the comp in my school with the hosts file, but then, it was last year and I forgot about it)

    I originally thought it was IIS' fault, then I thought a virus/trojan might had slipped through my NAV, until my friend suspected that it's something to do with the network.

    So far, very good. My port 80 is no longer being flooded.
     
  4. Justin

    Justin TS Rookie Posts: 942

    I was under the impression that the hosts file (on both windows and unix/unix variants) was for resolving only, client side. IIRC no matter what you put in it, externally you can still be accessed. I could be wrong, I'm just wondering.

    My advice to you, is to send the logs of the attack to your ISP. Remember that no matter what type of filtering you use at your end, the packets are still being dealt with by your hardware - meaning your bandwidth is still being consumed. However most ISPs, if they are on the ball, can filter the attack at their branch, which will save you bandwidth and will also alert your ISP to the attack.
     
  5. eddy05

    eddy05 TS Rookie Topic Starter Posts: 152

    ... That's a valid reason there.

    I'll monitor the traffic closely to check for flooder ips and report to my ISP when necessary. Thanks.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...