Solution to Prevent the D-DOS Attack

Similar Messages

• Solution to Prevent the DOS Attack

  Hello Experts,
  We  have our Production Servers placed at ISP DC where we are using Cisco  ASA firewall model 5505 and all the servers placed behind the  firewall.The bandwidth we have 100 MBPS and there is no IPS device in  between.
  Since  long time, we have been experiencing some network issues and recently  we detected the D-DOS attack affecting our Prod Services and now we are  looking to have a solution to mitigate the attack.
  Can somebody please suggest the solution which must be cheapest in the terms of COST to get this attack stopped?
  We contacted to Radware on this but the solution that they are recommending is too expensive.
  Can we achieve the solution by implementing the Cisco IPS module/appliance and will it work to prevent the D-DOS attack?
  Whatever  best solution you can recommend then please suggest and an early  response on this would be highly appreciated as we need to have a quick  solution.
  Thanks.

  Hello Ray,
  Hope you are doing fine.
  Okay the less expensive:
  1- Using the MPF on the ASA set the limits for the amount of connections open to a server or the embryonic connections.
  http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1414075
  One a little bit more expensive:
  2- Get the IPS module and prevent that by enabling the required signatures.
  Side note: I would recommend you talking about this problem with your ISP so you can avoid getting this overload of traffic on your outside interface so bandwith can be used on the right traffic and connections.
  Regards,
  Julio Carvajal      

• HT1277 my mail will not open after I click on mail.when I try to shut down my laptop ,it wouldn't  telling that mail is preventing the computer from shutting down,asking to quit Mail and when I do mail dose not quit

  my mail will not open after I click on mail.when I try to shut down my laptop ,it wouldn't  telling that mail is preventing the computer from shutting down,asking to quit Mail and when I do mail dose not quit

  Mail is open but it is frozen, being this the reason why you cannot open the Mail window. Press Alt, Command and Esc keys or go to  > Force Quit, select Mail and force quit it. Finally, you will be able to turn off or restart the MacBook

• [svn:bz-trunk] 23156: preventing pass through as current solution is breaking the AMF message format

  Revision: 23156
  Revision: 23156
  Author:   [email protected]
  Date:     2011-10-28 12:28:39 -0700 (Fri, 28 Oct 2011)
  Log Message:
  preventing pass through as current solution is breaking the AMF message format
  Modified Paths:
      blazeds/trunk/modules/core/src/flex/messaging/io/amf/SerializedObject.java

  Ok problem solved...
  Basically I was calling one ResultSet after another. Thanks to the Database Broker's structure, this was killing the first ResultSet. I fixed up the loops so that ResultSets were only ever called just before they were needed, and it fixed the problem. The only other errors were simple logic faults which I drummed out in short order. Thanks for the help everyone!

• Stopping DOS Attacks - Methods?

  Does anyone have any helpful tips on stopping Denial of
  Service attacks. What is mean is this --
  If someone sits there in their browser and hits REFRESH 100
  times on a page that requires a lot of database interactivity, it
  can bring down your server pretty quick. ColdFusion connections sit
  in a queue and keep running and running and running.
  Is there a way that if someone hits REFRESH on a page, that
  it stops the query that is running and starts it again for that
  user?
  Looking forward to some thoughts on this.
  Sincerely,
  Ray

  rmajoran wrote:
  > Does anyone have any helpful tips on stopping Denial of
  Service attacks. What
  > is mean is this --
  >
  > If someone sits there in their browser and hits REFRESH
  100 times on a page
  > that requires a lot of database interactivity, it can
  bring down your server
  > pretty quick. ColdFusion connections sit in a queue and
  keep running and
  > running and running.
  >
  > Is there a way that if someone hits REFRESH on a page,
  that it stops the query
  > that is running and starts it again for that user?
  >
  > Looking forward to some thoughts on this.
  >
  > Sincerely,
  > Ray
  >
  Make use of data and response caching techniques so that the
  page does
  not need to be completely re-built for each and every
  identical request.
  Make use of form validation that prevents the resubmitting of
  forms.
  Make use of web server and|or router techniques that mitigate
  DOS type
  attacks.

• How to prevent the logging of a single field in XI ?

  Hi Guys,
  we have developed the interfaces for payment card services using the Enterprise services and the major problem what we are facing is to prevent the logging of the 3 digit security code in XI.
  According to the payment card industry standards you should not store it as well as you should not encrypt this 3 digit CVV code.
  Is there any way we can prevent the logging of this single field in XI ?
  Is it possible if we develop our own custom adapters then we can acheive this ? Do we have full control over the DB in the custom adapters?
  any help or suggestions or other alternatives would be really appreciated. I want to hear some solution from the experts.
  Thanks in advance,
  Srini

  Hi Beena,
  You can encrypt the credit card no and SSN and that should not be a problem, but you should not store or encrypt the CVV no.
  as i said we have our own tools many customers are using with respect to RFCs where you can encrypt and decrypt the card numbers and also not storing the values of CVV.
  The above scenario works fine with no issues and it is according to the PCI standards. If you use PI 7.1 and use adaptive controlling the values are stored at a single place ie you can acheive single persistance and even this will not be our solution.
  Advanced Adapter Engine Configuration in PI 7.1
  with the single persistsnce, if there is a adapter module or custom adapter which takes the payload and prevents the stroage of the value of a single field then it would be our solution.
  Thanks,
  Srini
  Edited by: Srinivas Reddy on Aug 20, 2008 7:42 PM
  Edited by: Srinivas Reddy on Aug 20, 2008 7:57 PM

• Is it possible to prevent the history from moving entries up to the top of the list when a site is revisited, and why does it only do this sometimes?

  * Sometimes the history appears to compile previous visits to a site into only the entry for the most recent visit, but other times it does not. In other words, sometimes when a site is re-visited, the history will move a previous visit to that site out of the existing chronological sequence and put it at the top. What makes the difference in whether it does this or not, and is there any way to prevent the consolidating of information this way? I am using using Firefox v.27, Windows 7.
  I would like things to be in true chronological order for the possibility of accurately tracking previous activity, and for that purpose do not mind having the duplicate entries. Possible successful solutions might be in areas 1-3 below, and I would appreciate any suggestions.
  1. Are there any preferences in 'about:config' that apply to this? I could not find any.
  2. Are there other ways of getting this type of record, e.g. some other computer log, program, or add-on?
  3. What are some of the most accurate records of one's own internet browsing activity that one can make or obtain, with or without the browser's history function, if anyone knows?
  Thanks.

  Firefox normally only shows the most recent visit to a specific URL, so you would have to do extra effort to make older visits visible (place:sort=4&type=1).
  *https://developer.mozilla.org/en/Places_query_URIs
  See also:
  *http://www.nirsoft.net/utils/mozilla_history_view.html

• Does anyone know of a VI or how to go about writing one that will prevent the computers time/date from being disabled while an application is running.

  Does anyone know of a VI or how to go about writing one that will prevent the computers clock/time from being disabled while an application is running. The time and date can normally be reset while an application is running by clicking on the time/date in the lower right-hand corner of the computer screen. I have an application that runs over several days and it is critical that the time and date of the computer not be changed. Is there an easy way to lock this out from the user? Note that I am what I consider an advanced beginner in LV.
  Thank you,
  Chuck
  Solved!
  Go to Solution.

  That is not something you can do from LabVIEW, as it is an operating system operation, and it will depend on the operating system that you're using. On Windows you can use a group policy to control this. Please Google on "prevent time and date change in windows".
  Also, please try to refrain from stuffing your entire message in the subject block. Keep the subject short, but descriptive enough so it can be understood what you are basically asking. Thanks.

• F110 - How to prevent the creation of DME file in Proposal Step

  Hello,
  I would like to prevent the creation of DME file in Proposal Step of Payment Run (F110).
  Is it possible to suppress "Create Payment Medium" checkbox?
  Many Thanks

  If you are using the Payment Medium Workbench, there is perhaps a solution:
  I found the following code in function module FI_PAYMEDIUM_OFX_20
  * We abort the payment if the data is from a payment proposal. With
  * OFX we can pay only if the data does not come from a payment
  * proposal.
    IF I_FPAYH-XVORL = 'X'.
      MESSAGE E404 WITH I_FPAYH-LAUFD I_FPAYH-LAUFI
          RAISING CANCEL_PAYMENT_MEDIUM.
    ENDIF.
  So I think it may be possible to solve your problem by using the event modules in transaction OBPM3, with your own function module based on the code given above. I have not tested such solution and I have no experience with these events, but I'm currently trying to use them for another problem.

• How to prevent the save message when program exit vi is used

  I am using the Quit LabVIEW vi and am getting the Save/Don't Save/Cancel dialog each time the operator quits the program.  The reason is objects on the screen have been resized.  The vi properties for window appearance are scroll bars off.  This is a base development package so the program runs in the environment.  I would like to allow the operator to exit without seeing this message.  LV 8.5, Win XP
  Thank you.
  Solved!
  Go to Solution.

  sfm,
  The best way to do this is by incorporating a source code control depository.  Set your LabVIEW.ini options to configure the source code control and to treat read only vi's as locked.  Edits will only be allowed if the code is checked out of source code control and that prevents the operator moving or resizing the FP objects accidentally.  You should not allow your operators to make code changes!  Operators operate, developers edit code.  It is common to have operators who are also developers BUT, the functions must be kept separated.  
  What I mean is that the user is either trying to make the code do what it needs to do (developing - so code changes are desirable.) OR the user is trying to use the code to do its intended function (operating - so code change is not just undesirable, it is BAD!)
  The pop-up is not just annoying, it indicates that code control does not exist! You need better logistics to prevent code maintenance headaches of biblical proportions.
  Jeff

• Photoshop CC 2014 - "Could not complete your request because something prevented the text engine from being initialised".

  This problem has just started, only with CC 2014. It doesn't happen with CC or CS6.
  When I open a particular layered file, then Duplicate it, then close the original Master file I get the "text engine" warning box when I try to enter text in the copy file.
  If I enter text in the original Master file - no problem.
  If the Master file is still open and I try to enter text in the copy file  - no problem.
  I've validated all my fonts in Font Book, deleting all the duplicates and one corrupt font. No change to problem.
  I've gone to User/Library/Application Support/Adobe/Adobe Photoshop CC2014/ and trashed the CT Font Cache folder. No change to problem.
  I've run PS Update.
  Running OS 10.9.3.
  Any suggestions?

  I'm having the same issue on my work computer. I found this info in Adobe's help section.
  Issue
  When you use the Type Tool, you receive the following error:
  "Could not complete your request because something prevented the text ending from being initialized."
  To the top 
  Solution
  Close Photoshop, clear the font cache, and restart.
  Exit Photoshop.
  In Windows Explorer, navigate to the Users/[user name]/AppData/Roaming/Adobe/Adobe Photoshop CC/CT Font Cache folder.
  Move these two files to the Recycle Bin:
  AdobeFnt_CMaps.lst
  AdobeFnt_OSFonts.lst
  Empty the Recycle Bin.
  Restart Photoshop.
  To the top 
  Additional information
  This issue can occur after you uninstall and reinstall Photoshop several times.
  Text Engine error using type tool in Photoshop CC | Windows 8

• Error: prevented the text engine from being initialized

  I am getting the following error when attempting to use the text tool with my photoshop (12.0) - windows 7.
  "could not complete your request because something prevented the text engine from being initialized"
  I've attempted to follow some posts from others to fix without success.
  There are two fonts in my fonts folder that are shortcuts - and the fonts don't exist in the folder. Also, I can't delete the shortcut font from the fonts folder.
  (I'm posting this now... and might have a solution. Just in case, I want this conversation started.)
  TIA,
  Greg

  Usually that means that you have a corrupt font or a corrupt OS font cache.
  See this document for more troubleshooting steps: http://helpx.adobe.com/photoshop/kb/troubleshoot-fonts-photoshop-cs5.html
  Also, make sure you have all the Photoshop updates installed.

• How can I prevent the flushing of the buffer until the playing is finished in AS3?

  How can I prevent the flushing of the buffer until the playing is finished in AS3?
  Is it possible?
  The buffer is emptied and flushed 10-11 seconds before the real end of the flv file.
  The file is locally saved and I stream it though crtmp server.
  I cannot seek the last 10 seconds because of empty buffer. How can I stop flash from flushing the buffer at end?

  i used the same code and i got it working correctly...
  thanx a lot fot it...
  now i have one more problem with it.
  Actually i created a new class 'ErrorDialog' and the function showErrorDialog() inside it.
  now i want the option YES_NO_OPTION and the function sayshowMsgDialog() returning int value indicating the option selected from the dialog box.
  I tried it with following code
  public
  static
  int
  confirmDialog( String message_in, Component parent_in, String title_in,
  int messageType_in )
  try
  JOptionPane pane = new JOptionPane( message_in, messageType_in,
  JOptionPane.YES_NO_OPTION );
  JDialog dialog = pane.createDialog( parent_in, title_in );
  dialog.setResizable( false );
  dialog.show();
  int optionType = -1;
  try
  optionType = ( ( Integer )( pane.getValue() ) ).intValue();
  catch( Exception ee )
  optionType = -1;
  dialog.dispose();
  return optionType;
  catch( Exception e )
  e.printStackTrace();
  but, since return is after dispose() it is throwing an error 'missing return value'
  can i get some kind of solution for this?
  waiting eagerly...........
  -Soni

• How can I prevent the MediaTracker waitForID method from blocking?

  Hi everyone:
  I am writing an application that deals with various image file formats with the help of the JIMI package (available at http://java.sun.com/products/jimi/). Everything works fine except for the Targa format. When I generate an Image object as follows (url is a valid URL object):
  Image image = Jimi.getImage(url);
  ImageIcon icon = new ImageIcon(image);the program execution blocks at the second line above. I searched the ImageIcon source code for some clues, which led me to the following ImageIcon method (tracker is a MediaTracker object, a static property of ImageIcon):
  (01) protected void loadImage(Image image) {
  (02)   synchronized(tracker) {
  (03)     tracker.addImage(image, 0);
  (04)     try {
  (05)       tracker.waitForID(0, 0);
  (06)     } catch (InterruptedException e) {
  (07)       System.out.println("INTERRUPTED while loading Image");
  (08)     }
  (09)     loadStatus = tracker.statusID(0, false);
  (10)     tracker.removeImage(image, 0);
  (11)
  (12)     width = image.getWidth(imageObserver);
  (13)     height = image.getHeight(imageObserver);
  (14)   }
  (15) }The program blocks at line (05) above. I peeked into the MediaTracker class source code, which brought me to determine that the image loading process never finishes. The symptoms are as follows:
  (1) When I perform a c.checkImage(image, null) where c is some Component, I always get a result of 7, which translates to the following combination of ImageObserver constants:
  WIDTH | HEIGHT | PROPERTIESAs matter of fact, the dimensions are indeed determined correctly. However, when the loading process terminates, the checkImage result includes ALLBITS or FRAMEBITS in case of success, ABORT or ERROR in case of failure. None of these bits is ever turned on whenever I try to load a Targa image.
  (2) When I get to the MediaTracker source code, I see that when none of the four bytes above is set, the internal MediaTracker status has the MediaTracker.LOADING bit turned on (nothing abnormal here). And the waitForID method terminates precisely only when this bit is turned off!
  Logically, if the loading process fails for some reason, I should expect to get an error response so that I can go further in code execution. However, since the loading process never terminates, everything stays blocked at the waitForID method invocation.
  Is there an efficient way to detect such a hidden loading error without letting my program go into the waitForID endless loop? In other words, going back to the first two lines of code of this message, how could I detect that an Image loading process will not terminate before calling the ImageIcon constructor?
  Thanks in advance for any useful help...
  Jean-Fran�ois Morin

  Hi:
  I tried precisely your suggestion before posting my message to the forum yesterday. I just forgot to mention it... Maybe I was afraid of increasing my message length more and more...
  I already know that this solution prevents the MediaTracker from blocking. However...
  (1) If they reach a troublesome image (like a Targa), the users of my application might not be pleased by its freezing for 10 seconds. Actually, this image loading module is part of an architecture for database applications from which my development team and I produce applications for various customers. Images are used, in particular, in Oracle BLOB support.
  (2) If I use a smaller timeout delay, I have no guarantee that any image, whatever its length, will load properly (Targa excluded, of course). According to tests I performed yesterday, I am virtually sure that the 10-second delay will be busted very easily by pictures larger than 1 Mb. I cannot overlook this potential problem: an Oracle BLOB can contain up to 2 terabytes of data!
  On the other side, I don't want to focus too much the attention on the JIMI Targa import filter because I know that a revised version of the JIMI and JAI packages will be part of JDK 1.4. This is why I am trying to figure out what is happening in the MediaTracker and Toolkit classes, which are much more fundamental than the Jimi ones...
  Thanks anyway...
  Best regards,
  Jean-Fran�ois Morin

• Preventing Denial of Service attacks.

  Hi.
  I'm concerned about Denial of Service attacks on my SOAP service. It would be
  quite easy for a user to send massive messages to my service and cause my server
  to run out of memory. What I would like to do is put a filter in front of the
  SOAP service that could authenticate based on the client's session before the
  SOAP message was handled. I can't, however, see any mechanism for putting filters
  in front of SOAP services (I'm using Weblogic 7.0). The documentation does mention
  that if I enable HTTP sessions then requests are forwarded through a servlet,
  so it should theoretically be possible (if a bit of a hack possibly) to put a
  filter in front of this, right?
  An alternative is to authenticate in a SOAP request handler, although my understanding
  is that by this stage the entire message has been parsed, so this doesn't really
  solve my problem (does it?)...
  I'm aware that I could use Basic or SSL authentication to control access to the
  service, but I'm trying to avoid these approaches. Am I stuck with them though?
  Thanks.
  Neil.

  Hi Neil,
  Yes, for security and "isolation" reasons.
  I'm finding it more and more that the OA&M guys, are wanting to isolate Web service
  J2EE applications from other "traditional" J2EE applications, because what they
  do is well -- unpredictable :-)
  Setting up virtual hosts, allows you to set MaxPostSizes, independently. It also
  has some other perks, but that's a whole other story.
  If you are concerned about "concurrent posts", you should invest in putting a
  load balancer (or WLS Proxy) in front of the Web service.
  Regards,
  Mike Wooten
  "Neil Ferguson" <[email protected]> wrote:
  >
  Oh yeah, another thought. It probably won't do me much good restricting
  the size
  of HTTP posts if I can't also restrict the number of concurrent posts
  that are
  made. Do you know of any way to do this for my service?
  "Michael Wooten" <[email protected]> wrote:
  Hi Neil,
  Yes, DOS attacks are definitely a concern for enterprise-class Web services
  Ironically, some of these can happen "unintentionally", with thingslike
  SOAP
  attachments. You publish a WSDL that says your WLS Web service accepts
  "binary"
  attachments, and the next thing you know someone is sending you disk2.zip
  (571,687KB),
  of Oracle 9i Enterprise Edition :-) This was propably a "mistake", of
  course,
  but that doesn't matter because you're probably going to have bounce
  your J2EE
  app server to "recover", anyway.
  However, using a Servlet Filter won't really help you. You need to limit
  the size
  of HTTP POST requests that the J2EE Web Container accepts. I would even
  go one
  step further, and create a Virtual Host to run the WLS Web Service in.
  In WLS
  8.1, you do this by following the instructions at this links:
  http://e-docs.bea.com/wls/docs81/ConsoleHelp/virtual_hosts.html#1104939
  http://e-docs.bea.com/wls/docs81/ConsoleHelp/domain_virtualhost_config_http.html
  These links tell you how to target the Web Service (actually the .war
  for it)
  to the Virtual Host. They also tell you how to set the MaxPostSize and
  MaxPostTimeSecs
  attributes, to avoid "intentional" and "unintentional" DOS attacks :-)
  Regards,
  Mike Wooten
  "Neil Ferguson" <[email protected]> wrote:
  Hi.
  I'm concerned about Denial of Service attacks on my SOAP service. It
  would be
  quite easy for a user to send massive messages to my service and cause
  my server
  to run out of memory. What I would like to do is put a filter in front
  of the
  SOAP service that could authenticate based on the client's session
  before
  the
  SOAP message was handled. I can't, however, see any mechanism for putting
  filters
  in front of SOAP services (I'm using Weblogic 7.0). The documentation
  does mention
  that if I enable HTTP sessions then requests are forwarded througha
  servlet,
  so it should theoretically be possible (if a bit of a hack possibly)
  to put a
  filter in front of this, right?
  An alternative is to authenticate in a SOAP request handler, although
  my understanding
  is that by this stage the entire message has been parsed, so this doesn't
  really
  solve my problem (does it?)...
  I'm aware that I could use Basic or SSL authentication to control access
  to the
  service, but I'm trying to avoid these approaches. Am I stuck withthem
  though?
  Thanks.
  Neil.