              11 Measures to Guard Against DDoS Attacks
              Www.cshu.net  2002-8-18  fog rain village

              1. Make sure every server runs the latest system version and has
              the security patches applied. The Computer Emergency Response
              Coordination Center (CERT/CC) found that nearly every system hit
              by a DDoS attack had not been patched promptly.
               
              2. Make sure the administrator inspects all hosts, not only the
              critical ones. The point is that the administrator knows what
              each host is running, who is using it and who may access it.
              Otherwise, even after a hacker has compromised the system, it is
              very hard to verify.
               
              3. Make sure unused services such as FTP or NFS are removed from
              the server's directories and file databases. Daemons such as
              Wu-Ftpd have known vulnerabilities; through a root exploit a
              hacker can gain privileged access to the system and from there
              reach other systems, even ones protected by the firewall.
               
              4. Make sure every service running on Unix is protected by a TCP
              wrapper, restricting which hosts may access it.
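The TCP wrapper decision the item relies on is easy to get wrong (a hosts.allow with no matching hosts.deny still lets everyone in). The following is an added example, not code from the article: a simplified Python evaluator of hosts.allow / hosts.deny that follows the tcpd order of evaluation, with a constructed sample policy. Pattern support is limited to ALL, exact names, dotted network prefixes, domain suffixes and EXCEPT; the daemon names, addresses and policy are assumptions for the demonstration.

```python
"""Simplified evaluator for TCP wrapper hosts.allow / hosts.deny rules.

Added example, not code from the article. It follows the tcpd decision
order: a match in hosts.allow grants access, then a match in hosts.deny
refuses it, and a client matching neither file is allowed. Supported
patterns: ALL, an exact host or address, a dotted network prefix such
as "192.168.1.", a domain suffix such as ".example.com", and EXCEPT.
LOCAL/KNOWN/PARANOID wildcards, netmask forms, option fields (spawn,
twist) and IPv6 addresses are intentionally left out.
"""


def _match_pattern(pattern, value):
    pattern = pattern.strip()
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # network prefix, e.g. 192.168.1.
        return value.startswith(pattern)
    if pattern.startswith("."):      # domain suffix, e.g. .example.com
        return value.endswith(pattern)
    return value == pattern          # exact daemon name, host or address


def _match_list(spec, value):
    """Match a daemon or client list of the form 'a, b EXCEPT c'."""
    include, _, exclude = spec.partition(" EXCEPT ")
    if not any(_match_pattern(p, value) for p in include.replace(",", " ").split()):
        return False
    return not any(_match_pattern(p, value) for p in exclude.replace(",", " ").split())


def parse_rules(text):
    """Return (daemon_list, client_list) pairs; '#' comments and option fields are dropped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            rules.append((fields[0], fields[1]))
    return rules


def is_allowed(daemon, client, hosts_allow, hosts_deny):
    """Decide whether `client` may reach `daemon` under the two rule files."""
    for daemons, clients in parse_rules(hosts_allow):
        if _match_list(daemons, daemon) and _match_list(clients, client):
            return True
    for daemons, clients in parse_rules(hosts_deny):
        if _match_list(daemons, daemon) and _match_list(clients, client):
            return False
    return True   # tcpd default when neither file matches: access granted


# Constructed sample policy: SSH from the admin subnet only, everything else refused.
HOSTS_ALLOW = """
sshd: 192.168.1. EXCEPT 192.168.1.50   # admin subnet, minus a quarantined host
ALL: 127.0.0.1
"""
HOSTS_DENY = """
ALL: ALL   # anything not explicitly allowed above is refused
"""


if __name__ == "__main__":
    for daemon, client in [("sshd", "192.168.1.10"), ("sshd", "192.168.1.50"),
                           ("sshd", "10.0.0.5"), ("in.ftpd", "192.168.1.10")]:
        verdict = "allow" if is_allowed(daemon, client, HOSTS_ALLOW, HOSTS_DENY) else "deny"
        print(f"{daemon:<10} {client:<14} {verdict}")
    # The same hosts.allow with an empty hosts.deny lets the outside host in:
    print("sshd 10.0.0.5 with empty hosts.deny ->",
          is_allowed("sshd", "10.0.0.5", HOSTS_ALLOW, ""))
```

The last line of the demonstration is the check worth remembering: restricting access with TCP wrappers means writing the `ALL: ALL` line in hosts.deny, because the default for an unmatched client is to allow.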
               
              5. Forbid the internal network from connecting to the PSTN through
              a modem. Otherwise a hacker can use the telephone line to find
              unprotected hosts and immediately reach highly confidential data.
               
              6. Forbid network access programs such as Telnet, FTP, Rsh, Rlogin
              and Rcp, and replace them with PKI-based access programs such as
              SSH. SSH does not send passwords over the wire in cleartext,
              whereas Telnet and Rlogin do exactly that; a hacker can sniff
              those passwords and then go straight to the important servers on
              the network. In addition, the .rhosts and hosts.equiv files on
              Unix should be deleted, because these files grant login access
              without any need to guess a password!
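Items 3 and 6 both come down to finding what is still enabled. The following is an added example, not code from the article: a small Python audit that reports which classic cleartext services are still active in an inetd.conf and which hosts.equiv / .rhosts files exist, flagging the "+" wildcard entries that trust every host or every user. The directory tree, the inetd.conf excerpt and the trust-file contents are constructed for the demonstration; on a real host you would point `audit()` at "/".

```python
"""Audit a Unix tree for legacy cleartext services and trust files.

Added example, not code from the article. It checks two things the
article asks for: which of the classic inetd-launched cleartext services
(ftp, telnet, shell=rsh, login=rlogin, exec=rexec) are still enabled,
and which /etc/hosts.equiv or ~/.rhosts files exist, flagging the "+"
wildcard that trusts every host or every user. The directory layout and
file contents below are constructed for the demonstration.
"""
import os
import tempfile

# inetd.conf service names; "shell", "login" and "exec" are the r-commands.
LEGACY_SERVICES = {"ftp", "telnet", "shell", "login", "exec", "tftp", "finger"}


def enabled_legacy_services(inetd_conf_text):
    """Return the legacy service names whose inetd.conf line is not commented out."""
    found = []
    for raw in inetd_conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # comment or disabled entry
        service = line.split()[0]
        if service in LEGACY_SERVICES:
            found.append(service)
    return found


def audit_trust_file(path):
    """Return (path, line number, finding) for every active entry in a trust file."""
    findings = []
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            fields = line.split()
            host, user = fields[0], (fields[1] if len(fields) > 1 else None)
            if host == "+" or user == "+":
                findings.append((path, lineno, "wildcard trust: " + line))
            else:
                findings.append((path, lineno, "password-less trust: " + line))
    return findings


def find_trust_files(root):
    """Locate etc/hosts.equiv and every .rhosts under home/ below `root`."""
    matches = []
    equiv = os.path.join(root, "etc", "hosts.equiv")
    if os.path.exists(equiv):
        matches.append(equiv)
    for dirpath, _dirs, files in os.walk(os.path.join(root, "home")):
        if ".rhosts" in files:
            matches.append(os.path.join(dirpath, ".rhosts"))
    return sorted(matches)


def audit(root):
    """Run both checks against a tree rooted at `root` (normally '/')."""
    with open(os.path.join(root, "etc", "inetd.conf")) as fh:
        services = enabled_legacy_services(fh.read())
    findings = []
    for path in find_trust_files(root):
        findings.extend(audit_trust_file(path))
    return services, findings


SAMPLE_INETD = """\
# constructed inetd.conf excerpt
#ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd
shell   stream tcp nowait root /usr/sbin/tcpd in.rshd
login   stream tcp nowait root /usr/sbin/tcpd in.rlogind
"""


def build_sample_tree():
    """Create a throwaway tree with one wildcard hosts.equiv and one .rhosts."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc"))
    os.makedirs(os.path.join(root, "home", "alice"))
    os.makedirs(os.path.join(root, "home", "bob"))     # no .rhosts here
    with open(os.path.join(root, "etc", "inetd.conf"), "w") as fh:
        fh.write(SAMPLE_INETD)
    with open(os.path.join(root, "etc", "hosts.equiv"), "w") as fh:
        fh.write("+\n")                                 # trusts every host
    with open(os.path.join(root, "home", "alice", ".rhosts"), "w") as fh:
        fh.write("+ +\nbuild.example.com alice\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    services, findings = audit(root)
    print("enabled legacy services:", services)
    for path, lineno, finding in findings:
        print(f"{os.path.relpath(path, root)}:{lineno}: {finding}")
```

Every entry in a trust file is reported, not just the wildcards: the article's advice is to delete these files outright, since even a named host in .rhosts is a login with no password behind it.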
               
              7. Restrict file sharing outside the firewall and across the
              network. Otherwise a hacker has the opportunity to intercept
              system files and replace them with Trojan horses, and the file
              transfer function will inevitably be paralysed.
               
              8. Keep an up-to-date network topology map on hand. It should
              mark in detail the TCP/IP addresses, hosts, routers and other
              network equipment, and should also cover the network boundary,
              the demilitarized zone (DMZ) and the internal security
              components.
               
              9. Run a port mapping or port scanning program against the
              firewall. Most incidents arise from a firewall that was not
              configured properly when it was set up, which makes DoS/DDoS
              attacks very likely to succeed; therefore the privileged and
              non-privileged ports must be checked carefully.
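The check behind item 9 is a comparison of what actually listens against what is supposed to. The following is an added example, not code from the article: Python that parses `netstat -tln`-style output and reports every listener not on an approved list, split into privileged (below 1024) and non-privileged ports, with loopback-only binds noted separately. The netstat text and the approved-port set are constructed assumptions for the demonstration.

```python
"""Compare listening TCP ports on a host against an approved list.

Added example, not code from the article. It parses the output format of
`netstat -tln` (Proto / Recv-Q / Send-Q / Local Address / Foreign Address /
State) and reports every listener that is not on the approved list,
separating privileged ports (below 1024) from non-privileged ones as the
article's item 9 suggests, and noting loopback-only binds separately since
they are unreachable from the network. The netstat text below is constructed.
"""

# Constructed sample: a web server where rpcbind, NFS and an X server were
# left listening on all interfaces.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN
tcp6       0      0 :::6000                 :::*                    LISTEN
"""

APPROVED_PORTS = {22, 80}   # assumed policy for this host


def parse_listeners(netstat_text):
    """Return (local address, port) for each tcp/tcp6 socket in LISTEN state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "tcp6") or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")   # rpartition keeps IPv6 colons in addr
        listeners.append((addr, int(port)))
    return listeners


def audit_ports(listeners, approved):
    """Bucket every unapproved listener by exposure and privilege level."""
    report = {"privileged": [], "unprivileged": [], "loopback_only": []}
    for addr, port in listeners:
        if port in approved:
            continue
        if addr in ("127.0.0.1", "::1"):
            report["loopback_only"].append(port)   # not reachable from the network
        elif port < 1024:
            report["privileged"].append(port)      # needs root to bind: likely a system daemon
        else:
            report["unprivileged"].append(port)    # any user could have started this
    return report


if __name__ == "__main__":
    report = audit_ports(parse_listeners(SAMPLE_NETSTAT), APPROVED_PORTS)
    for bucket, ports in report.items():
        print(f"{bucket:<14} {ports}")
```

Running the host-side check and the external scan the article calls for, then diffing the two, is what reveals a firewall rule that lets a port through which should have been blocked.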
               
              10. Inspect the logs of all network devices and host/server
              systems. Whenever a log shows a vulnerability or a change in its
              timestamps, it is almost certain that the security of the
              related host is under threat.
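The "change in the timestamps" mentioned in item 10 can be checked mechanically. The following is an added example, not code from the article: Python that scans syslog-format lines and reports a timestamp that goes backwards (clock reset or spliced entries) and any silence longer than a threshold (removed entries or stopped logging). The log lines, the host name, the two-hour threshold and the year (syslog lines carry none) are constructed assumptions.

```python
"""Flag timestamp anomalies in a syslog stream.

Added example, not code from the article. Item 10 says a change in the
log's timestamps almost always means the host is in trouble, so this scans
lines in the classic "Mon DD HH:MM:SS host prog[pid]: msg" format and
reports two things: a timestamp that goes backwards (clock reset, or
entries spliced in) and a silence longer than `max_gap` (entries removed,
or logging stopped). Syslog lines carry no year, so the year is assumed;
the log lines below are constructed.
"""
from datetime import datetime, timedelta

SAMPLE_LOG = """\
Aug 18 10:00:01 web1 sshd[2101]: Accepted publickey for ops from 192.168.1.10 port 50122
Aug 18 10:05:14 web1 cron[2110]: (root) CMD (run-parts /etc/cron.hourly)
Aug 18 10:05:20 web1 sshd[2140]: Accepted password for root from 10.9.8.7 port 41010
Aug 18 09:30:00 web1 sshd[2140]: pam_unix(sshd:session): session opened for user root
Aug 18 16:45:02 web1 cron[2300]: (root) CMD (run-parts /etc/cron.hourly)
"""


def parse_syslog_time(line, year):
    """Parse the leading 'Mon DD HH:MM:SS' field; `year` is supplied by the caller."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def find_time_anomalies(log_text, year=2002, max_gap=timedelta(hours=2)):
    """Return (line number, kind, detail) for backwards jumps and long gaps."""
    findings = []
    previous = None
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        current = parse_syslog_time(line, year)
        if previous is not None:
            if current < previous:
                findings.append((lineno, "clock_backwards",
                                 f"{previous.time()} followed by {current.time()}"))
            elif current - previous > max_gap:
                findings.append((lineno, "gap", f"{current - previous} with no entries"))
        previous = current   # compare against the last entry as written, tampered or not
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in find_time_anomalies(SAMPLE_LOG):
        print(f"line {lineno}: {kind}: {detail}")
```

In the constructed sample the hourly cron entry makes the gap obvious; on a real host pick `max_gap` from the most frequent periodic entry the log normally carries, and treat a backwards jump right after a login as a reason to check the host against the topology map and port list from items 8 and 9.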
               
              11. Use equipment from DDoS defence equipment vendors.
               
              In short, no network today can avoid DDoS attacks, but taking the
              measures above can provide a certain degree of prevention.



              Original author: N/A 
              Origin: Safechina.net 