CEH


276 Chapter 11 ■ Denial of Service


DoS Defensive Strategies


Let’s look at some DoS defensive strategies:

Disabling Unnecessary Services You can help protect against DoS and DDoS attacks by
hardening individual systems and by implementing network measures that protect against
such attacks.

Using Anti-Malware Real-time virus protection can help prevent bot installations by
reducing Trojan infections with bot payloads. This has the effect of stopping the creation of
bots for use in a botnet. Though not a defense against an actual attack, it can be a
proactive measure.

Enabling Router Throttling DoS attacks that rely on traffic saturation of the network can
be thwarted, or at least slowed down, by enabling router throttling on your gateway router.
This establishes an automatic control on the impact that a potential DoS attack can inflict,
and it provides a time buffer for network administrators to respond appropriately.

Using a Reverse Proxy A reverse proxy is the opposite of a forward or standard proxy.
The destination resource rather than the requestor enacts traffic redirection. For example,
when a request is made to a web server, the requesting traffic is redirected to the reverse
proxy before it is forwarded to the actual server. The benefit of sending all traffic to a
middleman is that the middleman can take protective action if an attack occurs.

Enabling Ingress and Egress Filtering Ingress filtering prevents DoS and DDoS attacks by
filtering for items such as spoofed IP addresses coming in from an outside source. In other
words, if traffic coming in from the public side of your connection has a source address
matching your internal IP scheme, then you know it’s a spoofed address. Egress filtering
helps prevent DDoS attacks by filtering outbound traffic, which may prevent malicious
traffic from getting back to the attacking party.
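
The ingress check described above, written out as filter logic (an added example, not from the book). The internal prefixes and sample packets are constructed, and the egress rule shown, dropping outbound packets whose source is not one of your own addresses, is the common anti-spoofing form and is an assumption beyond what the text specifies.

```python
import ipaddress

# Assumed internal address plan (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.20.0.0/16", "2001:db8:20::/48")]


def is_internal(addr):
    """True if addr falls inside an internal prefix of the same IP version."""
    return any(addr.version == net.version and addr in net
               for net in INTERNAL_NETS)


def filter_decision(direction, src):
    """Decide the fate of a packet crossing the gateway.

    direction: "in"  = arriving on the public interface (ingress)
               "out" = leaving toward the public side (egress)
    src:       source address as text
    """
    if direction not in ("in", "out"):
        return "drop: unknown direction"
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop: unparseable source"
    if direction == "in" and is_internal(addr):
        # A packet from outside cannot legitimately carry one of our addresses.
        return "drop: spoofed internal source on ingress"
    if direction == "out" and not is_internal(addr):
        # A host on our side is sending with a source address that is not ours.
        return "drop: foreign source on egress"
    return "accept"


# Constructed sample traffic: (direction, source address)
SAMPLE = [
    ("in", "198.51.100.7"),     # ordinary outside client
    ("in", "10.20.3.4"),        # claims to be internal, arrives from outside
    ("out", "10.20.9.9"),       # ordinary internal host
    ("out", "203.0.113.50"),    # internal host forging an outside source
    ("in", "2001:db8:20::1"),   # same ingress check for IPv6
]

if __name__ == "__main__":
    for direction, src in SAMPLE:
        print(f"{direction:>3} {src:<16} -> {filter_decision(direction, src)}")
```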