It's not Doom, but still fun packed hours of killing-spree mayhem. Try Savage. There are both Windows and Linux versions for the same free (as in beer) nearly full-featured demo and low-low buy-in for the full version.
All of those SOHO routers need to be able to do OUTBOUND filtering, too. Duh.
My network has four of those cheap NAT routers; let's not get into that...it's mostly due to upgrading, but they make handy, mindless firewalls in front of the (otherwise) DMZ servers--open the ports for the services offered by the server, leave the rest alone for exploit coverage. Pretty much M$ servers end up behind the DMZ firewalls; also keeps their domain traffic on the high-speed side of the router as the 5 IPs I get with my SOHO service aren't necessarily on the same subnet...wierd.
Only one of the NAT routers has the ability to easily block outbound ports (the Belkin, I think) while all of them can block IPs (forcing a proxy server, I guess?). All of the PCs use this as their default gateway. Very simply block port 25 from machines that shouldn't be sending e-mail. The machiens should use the mail server on the network that does anti-virus and anti-spam checks, and alerts when flooding appears to occur. If the SOHO user doesn't have a mail server, the NAT should allow limiting mail delivery to a specified server, and that server should do the filtering.
Networks (home and office) should have a NAT on it anyway, even if there's only one PC, just to stop the crap the average home user can't figure out. If the $30 is cost prohibitive (why have broadband then...uh, nevermind), drop the free ZoneLabs or similar software firewall in.
Until a better system evolves allowing mail servers to know where it's safe to get mail from, and while it's so simple to create and send e-mail from unwanted or unknown software, just cutting them off should be easy to do. I prefer the NAT manufacturers throw the ability to do that more than I like the idea of my ISP cutting me off.
Thats fantastic. So, do you chat on Instant Messenger while you sleep? On the way home from work? While your in a meeting?
I meant for use at the office. In the original post, the author noted that cellphones were being outlawed at the office, not from life in general. I wasn't suggesting a cellphone alternative, just a supplement.
Of course, the cellphone receives the notices while off-site. It receives them while at the office, too, but in the stated case of no cellphones allowed, that's irrelevant.
IM makes a great alternative. At the office IM's faster then cellphone notification. Probably that instant part... About the time my cellphone beeps its receipt of the message that has finally passed through that system, I've already read the IM and have probably also seen the e-mail alert on the internal mail system.
And, if you're away from your PC, either redirect the message to others, or have it broadcast to someone else who can find you in urgent cases. If you change locations, you can reconnect with IM as you login to other systems.
In the event that I'm in a meeting, I tend to not take my cellphone, or at least not answer it. I'm there for the meeting (like them or not). Any catastrophic failure will probably send a screaming peer to pull half of the attendees away.
Note the original author didn't say anything about additional devices, like your mentioned blackberry, just cellphones. Personal cellphones at that. If the business needs you around the clock, they should certainly provide some means of making you that available, like a provided messaging device.
Not to bicker. I just didn't want to leave you with the impression that I'm an idiot. I may be, but you shouldn't get that from this.
Reading the entire content of their website (all three pages, two of which are PDF, and hey, isn't that a cool count down on the homepage to when the DDOS starts on their site...), it doesn't say that they're couter attacking by return DOS on the systems attacking them. They claim to have a way to identify the system responsible for the attack, and then exact retribution.
I suppose that one could theorize a way monitor the network traffic around the attacking system and attempt to gather information about the zombie traffic, for example. That can't be easy, and perhaps their solution is to sell (or otherwise distribute) monitors for us to put on our systems to aid them in monitoring the networks from which DDOS can be attacking... As Wayne and Garth say cha, right.
Also, doesn't/. sometimes look like a DDOS? Acts like it, maybe. Seems to wipe out more than a few web servers...
Another thing to consider is that it's pretty easy to set up simple database replication if you wanted to have live backups of the data. This could relieve you of the discomfort that comes with database loss, as well as provide the additional warm fuzzies of distributing the work to diverse groups or safely beyond a firewall.
Slashdot Mirror
It's not Doom, but still fun packed hours of killing-spree mayhem. Try Savage. There are both Windows and Linux versions for the same free (as in beer) nearly full-featured demo and low-low buy-in for the full version.
So then I can open my quantum word processor, hit a key, and every letter I meant to type would be there in the right order? Man, that's cool!
All of those SOHO routers need to be able to do OUTBOUND filtering, too. Duh.
My network has four of those cheap NAT routers; let's not get into that...it's mostly due to upgrading, but they make handy, mindless firewalls in front of the (otherwise) DMZ servers--open the ports for the services offered by the server, leave the rest alone for exploit coverage. Pretty much M$ servers end up behind the DMZ firewalls; also keeps their domain traffic on the high-speed side of the router as the 5 IPs I get with my SOHO service aren't necessarily on the same subnet...wierd.
Only one of the NAT routers has the ability to easily block outbound ports (the Belkin, I think) while all of them can block IPs (forcing a proxy server, I guess?). All of the PCs use this as their default gateway. Very simply block port 25 from machines that shouldn't be sending e-mail. The machiens should use the mail server on the network that does anti-virus and anti-spam checks, and alerts when flooding appears to occur. If the SOHO user doesn't have a mail server, the NAT should allow limiting mail delivery to a specified server, and that server should do the filtering.
Networks (home and office) should have a NAT on it anyway, even if there's only one PC, just to stop the crap the average home user can't figure out. If the $30 is cost prohibitive (why have broadband then...uh, nevermind), drop the free ZoneLabs or similar software firewall in.
Until a better system evolves allowing mail servers to know where it's safe to get mail from, and while it's so simple to create and send e-mail from unwanted or unknown software, just cutting them off should be easy to do. I prefer the NAT manufacturers throw the ability to do that more than I like the idea of my ISP cutting me off.
I meant for use at the office. In the original post, the author noted that cellphones were being outlawed at the office, not from life in general. I wasn't suggesting a cellphone alternative, just a supplement.
Of course, the cellphone receives the notices while off-site. It receives them while at the office, too, but in the stated case of no cellphones allowed, that's irrelevant.
IM makes a great alternative. At the office IM's faster then cellphone notification. Probably that instant part... About the time my cellphone beeps its receipt of the message that has finally passed through that system, I've already read the IM and have probably also seen the e-mail alert on the internal mail system.
And, if you're away from your PC, either redirect the message to others, or have it broadcast to someone else who can find you in urgent cases. If you change locations, you can reconnect with IM as you login to other systems.
In the event that I'm in a meeting, I tend to not take my cellphone, or at least not answer it. I'm there for the meeting (like them or not). Any catastrophic failure will probably send a screaming peer to pull half of the attendees away.
Note the original author didn't say anything about additional devices, like your mentioned blackberry, just cellphones. Personal cellphones at that. If the business needs you around the clock, they should certainly provide some means of making you that available, like a provided messaging device.
Not to bicker. I just didn't want to leave you with the impression that I'm an idiot. I may be, but you shouldn't get that from this.
Heck, you're probably sitting at your PC now...
If we call that a "Permanent Catastrophic Denial of Service" attack can we call it PC-DOS?
I suppose that one could theorize a way monitor the network traffic around the attacking system and attempt to gather information about the zombie traffic, for example. That can't be easy, and perhaps their solution is to sell (or otherwise distribute) monitors for us to put on our systems to aid them in monitoring the networks from which DDOS can be attacking... As Wayne and Garth say cha, right.
Also, doesn't /. sometimes look like a DDOS? Acts like it, maybe. Seems to wipe out more than a few web servers...
Another thing to consider is that it's pretty easy to set up simple database replication if you wanted to have live backups of the data. This could relieve you of the discomfort that comes with database loss, as well as provide the additional warm fuzzies of distributing the work to diverse groups or safely beyond a firewall.