Most of the traffic in a DDoS attack (Distributed Denial of Service attack) is distributed (hence the term) across hundreds, if not thousands, of IP addresses, so it's hard to simply block one errant IP to keep the DDoS from crippling your computer or system.
With that said, if you're instead being hit by a solitary DoS attack (Denial of Service attack) by some script kiddie who downloaded a hacking tool from the Internet under the guise that he's a "l33t h4x0r", then it's easier to block his IP and learn who's doing it to boot.
These programs typically enable anyone, even users with zero technical know-how, to launch a DoS attack against anyone.
All they need is your IP address, and that's it.
As long as the one doing the DoS isn't spoofing his IP address (or even blocking it), you can block him from accessing your IP using another handy program called TCPView.
This application is capable of displaying all endpoints or current connections to your machine.
This function is quite useful when it comes to determining the origin of the DoS attack; it at least gives you a hint (usually it's the connection that's being displayed hundreds of times, thus identifying the culprit).
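The same repeated-connection check can be run on `netstat -n` output from the command prompt. The following is an added example, not part of the original article: it counts TCP connections per remote address and reports any address that dominates the table. The function names, thresholds and sample rows are assumptions made for illustration, and the sample uses documentation address ranges.

```python
from collections import Counter

def remote_ip(endpoint):
    """Strip the port from '203.0.113.45:51234' or '[2001:db8::1]:443'."""
    host, _, _port = endpoint.rpartition(":")
    return host.strip("[]")

def count_remote_peers(netstat_text):
    """Count TCP connections per remote IP in Windows `netstat -n` output."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows look like: TCP <local> <foreign> <state>
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue  # header, blank line, or UDP row
        _proto, _local, foreign, state = fields
        if state.upper() == "LISTENING":
            continue  # listening sockets have no remote peer
        ip = remote_ip(foreign)
        if ip and ip not in ("0.0.0.0", "*", "::"):
            counts[ip] += 1
    return counts

def suspects(counts, min_connections=100, min_share=0.5):
    """Return (ip, count) pairs that hold most of the connection table.

    Both thresholds are illustrative assumptions; tune them to normal load.
    """
    total = sum(counts.values())
    return [(ip, n) for ip, n in counts.most_common()
            if n >= min_connections and n / total >= min_share]

# Constructed sample in Windows `netstat -n` layout (not real traffic).
SAMPLE = "\n".join(
    ["Active Connections", "",
     "  Proto  Local Address          Foreign Address        State",
     "  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING",
     "  TCP    192.0.2.10:80          198.51.100.7:50111     ESTABLISHED",
     "  TCP    192.0.2.10:80          198.51.100.8:50222     TIME_WAIT",
     "  TCP    [2001:db8::10]:80      [2001:db8::99]:50333   ESTABLISHED"]
    + [f"  TCP    192.0.2.10:80          203.0.113.45:{40000 + i}     ESTABLISHED"
       for i in range(150)])

if __name__ == "__main__":
    for ip, n in suspects(count_remote_peers(SAMPLE)):
        print(f"{ip} holds {n} connections")
```

A single address reported here is the kind of lone DoS source the article describes; a table spread evenly over many addresses returns nothing, which matches the distributed case where blocking one IP does not help.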
After you've identified the IP address, you can look up the owner of the address through www.whois.sc to find out the ISP of the invader, so that you can go through legal routes to have the man responsible get his account closed and whatnot.
ISPs do not tolerate such actions and have been known to ban users who do this, because it is a direct violation of their terms of agreement.
ISPs in this case are your allies instead of enemies because they're usually unaware that their clients are abusing their ISP-related privileges.
As soon as you explain the situation to them or their representatives, they're most likely to help.
It's also important to note that DoS and DDoS attacks start slowly and then build up as time passes, so you should be able to plan your own course of defense before the DDoS proceeds to annihilate your servers with packet after packet of resource-hogging data.
Don't misidentify these attacks as problems with your own ISP, though. Always make sure to use programs like TCPView and your own command prompt to ensure that what you're dealing with is truly a Denial of Service attack.
In particular, "pinging" websites like Google.com to determine whether your system truly is crippled by a DoS should be useful in finding out that you're being attacked.