Dos & Dos & Dos
Writing here for the first time, hoping kind people here will be able to help me because my data center has failed. Let me explain what is happening to me.
1. DOS ATTACKS : Yes, I am under DOS attack ( I mean my server ). I setup my first ded. server last month and soon after I was DOS attacked. Well, I managed to handle that attack (details later) but I was charged $90 for extra bandwidth and 3 account cancellations. Then 3 weeks lapsed and I was again DOS attacked yesterday. I contact my "dead." center which is Dialtone in this case but like before I am told again that I am at my own. I am told that dialtone can do nothing against DOS attack and I should buy some hardware firewall if I really want to block such attacks.
I want to know:
a. Is my data center free of any responsibility. Are they not supposed to help customers in blocking or at least tracking the attacker? I am refused of ANY help.
b. Is there any authority to whom I should report DOS attack. Is there a way to find the attacker(s).
I will very much appreciate your opinions.
2. BANDWIDTH : My total bandwidth is 65GB and I have only 165 sites. One of the sites is eating the bandwidth and I am unable to catch that site. I wrote a script which calculates the size of the log files of each website and the site having maximum log size is supposed to be 'heavy traffic' site. I stopped the these sites but no effect. MRTG shows the same graph. I am also using windows performance monitor and hooked my NIC card and it also displays the same activity.
Is there any way to catch this site? Any hint, clue, tool etc please?. Please help
Finally, I would like to tell how I blocked DOS attack. May be this would help other helpless chaps.
1. Traced the target IP of my NIC. The target IP was my shared IP.
2. Wrote a script which changed the IPs of all the websites to (All Unassigned).
3. Downloaded system32\dns folder and globally replaced the targeted IP with a new IP. Uploaded this new folder and restarted DNS.
This procedure effectively stopped the DOS attack. I have the script used step 2 if anyone needs. Also, I can write every type of IIS utilities, if someone needs my expertise.
I would like to thank everyone in advance for valuable opinions.
Sincerely,
A miserable young host.
