Nov 5, 2009

Understanding Denial-of-Service Attacks

You may have heard of denial-of-service attacks launched against websites,
but you can also be a victim of these attacks. Denial-of-service attacks can
be difficult to distinguish from common network activity, but there are some
indications that an attack is in progress.

What is a denial-of-service (DoS) attack?

In a denial-of-service (DoS) attack, an attacker attempts to prevent
legitimate users from accessing information or services. By targeting your
computer and its network connection, or the computers and network of the
sites you are trying to use, an attacker may be able to prevent you from
accessing email, websites, online accounts (banking, etc.), or other
services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker
"floods" a network with information. When you type a URL for a particular
website into your browser, you are sending a request to that site's computer
server to view the page. The server can only process a certain number of
requests at once, so if an attacker overloads the server with requests, it
can't process your request. This is a "denial of service" because you can't
access that site.

An attacker can use spam email messages to launch a similar attack on your
email account. Whether you have an email account supplied by your employer
or one available through a free service such as Yahoo or Hotmail, you are
assigned a specific quota, which limits the amount of data you can have in
your account at any given time. By sending many, or large, email messages to
the account, an attacker can consume your quota, preventing you from
receiving legitimate messages.

What is a distributed denial-of-service (DDoS) attack?

In a distributed denial-of-service (DDoS) attack, an attacker may use your
computer to attack another computer. By taking advantage of security
vulnerabilities or weaknesses, an attacker could take control of your
computer. He or she could then force your computer to send huge amounts of
data to a website or send spam to particular email addresses. The attack is
"distributed" because the attacker is using multiple computers, including
yours, to launch the denial-of-service attack.

How do you avoid being part of the problem?

Unfortunately, there are no effective ways to prevent being the victim of a
DoS or DDoS attack, but there are steps you can take to reduce the
likelihood that an attacker will use your computer to attack other
computers:
* Install and maintain anti-virus software (see Understanding Anti-Virus
Software for more information).
* Install a firewall, and configure it to restrict traffic coming into and
leaving your computer (see Understanding Firewalls for more
information).
* Follow good security practices for distributing your email address (see
Reducing Spam for more information). Applying email filters may help you
manage unwanted traffic.

How do you know if an attack is happening?

Not all disruptions to service are the result of a denial-of-service attack.
There may be technical problems with a particular network, or system
administrators may be performing maintenance. However, the following
symptoms could indicate a DoS or DDoS attack:
* unusually slow network performance (opening files or accessing websites)
* unavailability of a particular website
* inability to access any website
* dramatic increase in the amount of spam you receive in your account

What do you do if you think you are experiencing an attack?

Even if you do correctly identify a DoS or DDoS attack, it is unlikely that
you will be able to determine the actual target or source of the attack.
Contact the appropriate technical professionals for assistance.
* If you notice that you cannot access your own files or reach any
external websites from your work computer, contact your network
administrators. This may indicate that your computer or your
organization's network is being attacked.
* If you are having a similar experience on your home computer, consider
contacting your internet service provider (ISP). If there is a problem,
the ISP might be able to advise you of an appropriate course of action.
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2004 by US-CERT, a government organization.

Note: This tip was previously published and is being re-distributed to increase awareness.

Terms of use

http://www.us-cert.gov/legal.html

This document can also be found at

http://www.us-cert.gov/cas/tips/ST04-015.html


Nov 3, 2009

DISA (Direct Inward System Access)

The DISA, Direct Inward System Access, application allows someone from outside the telephone switch (PBX) to obtain an "internal" system dialtone and to place calls from it as if they were placing a call from within the switch.

DISA plays a dialtone. The user enters their numeric passcode, followed by the pound sign (#). If the passcode is correct, the user is then given system dialtone on which a call may be placed.
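
As an added example (not part of the original post), the passcode flow above written as a dialplan fragment, assuming the Asterisk application of the same name. The inbound number, passcode, context names and extension pattern are constructed placeholders; the commented-out line shows the weak form next to the restricted one.

```ini
; extensions.conf (Asterisk dialplan): constructed example, all values are placeholders

[from-pstn]
; Weak form, left commented out: "no-password" skips the passcode prompt, and
; pointing DISA at the general internal context gives any outside caller the
; same dialing rights as a desk phone inside the switch.
;exten => 5550100,1,DISA(no-password,internal)

; Restricted form: the caller hears dialtone, keys the passcode followed by "#",
; and only then receives the second dialtone. Digits dialed after that are
; matched against [disa-allowed] and nothing else.
exten => 5550100,1,Answer()
 same => n,DISA(739201,disa-allowed)
 same => n,Hangup()

[disa-allowed]
; Four-digit internal extensions only. No pattern in this context reaches an
; outside trunk, so a guessed passcode cannot be used to place external calls.
exten => _1XXX,1,Dial(PJSIP/${EXTEN},20)
 same => n,Hangup()
```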

Nov 2, 2009

My First Riverbed Certification - RCSP


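Counting the days, it has been less than a week since Riverbed last notified me that the certificate was being mailed, and the international courier package arrived today. This is my first Riverbed certificate (hopefully I won't need to take a second exam), but I have only taken one Riverbed course so far, so to be honest I still feel rather unsure about my command of the Riverbed product line… I hope to finish the other Riverbed courses as soon as possible and strengthen my understanding of Riverbed products and the various feasible solutions for different architectures.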

To be honest, though, this certificate carries no serial number or certification number, so it could actually be forged quite easily...