THE ABC's of Hacking

Written by dDawg


Continued from page 1

Restart your PC in DOS mode (NT/Win2k users should boot from the CD-ROM or setup disks). Use the FDISK command to delete all partitions on the disk (NT/2k users should follow the appropriate prompts in the setup program). Power cycle your PC with the setup disk in the floppy drive or CD-ROM drive as appropriate (switch off, wait 10 seconds, switch on). This applies to all versions of Windows including NT and Win2k (power cycle after removing the partitions, don't worry about still being in the setup utility) and ensures that any memory-resident or boot sector virus is removed. Reload your operating system & required drivers from the original disks. At this point you'll have a working system with no software installed other than the operating system & drivers. Assuming you used only original media, the system will be free of any Trojan horse or virus but may not be secure.

Step 4 : Secure your system and load additional software. You now need to obtain and apply the latest security patches for your operating system. Ideally you should download these from their source using another machine and apply them from disk. If that is not possible, connect your rebuilt system to the internet for the minimum period possible to obtain the patches you need. Apply them at once. You should be aware that this opens your system to potential compromise while you are downloading the patches, so keep the connection as short as possible. Windows 98, ME and 2000 users can use the 'Windows Update' function to automatically update their systems.

Once your system is updated, you can begin installing additional software. Be sure only to use software you know has not been tampered with, ideally from original distribution media. If necessary, download a fresh copy from the source and use that. Install software in a logical order, beginning with security-related products (anti-virus, firewall etc.).

Step 5 : Finishing off. Once you've installed and configured all your software you are ready to begin restoring the data from backups. Before doing so, you may wish to make an image copy of your system using a utility such as Norton's Ghost. This will allow you to quickly restore the machine to a known clean state in the event of future compromise. If you do this, store the image on non-volatile media such as CD-ROM. You may also wish to take a 'fingerprint' of the files installed on your machine to enable comparison in future. See 'Attack Mitigation' for details on this.

When you eventually restore the data, do so gradually, especially if you copied the files from an infected machine. Virus scan each one first and discard any with unexpected macros.

That's it, your machine is now rebuilt and ready to reconnect to the network and the internet. It's been a lot of work but you now know for sure that your machine is virus-free and reasonably secure against attack in future.

Attack Mitigation

There are a number of steps you can take to limit the damage done by a system compromise. Not all apply to all systems and some require additional software, but they can make your life considerably easier if you are unfortunate enough to be hacked.

File Signatures. Keeping a database of file signatures can help you pinpoint any files which change unexpectedly. This is often one of the first signs of a security breach. You can get free file signature checkers from a number of sources; we suggest WinTerrogate (all versions of Windows, basic but effective) from http://winfingerprint.sourceforge.net or LANGuard File Integrity Checker (NT/2000 only, more advanced) from http://www.gfi.com/languard

Image Files. Taking an image of your disk regularly can dramatically reduce the amount of work involved in recovering from a security breach. The best known tool for doing this is Norton's GHOST, although there are other options. You should keep two or three image files on non-volatile media and update them regularly.

Keep the data on a separate partition. Keeping your data on a separate partition (ideally on a separate disk) will reduce the amount of work needing done if you have to rebuild the system. It also makes backing up much easier and can improve overall system performance.


An elite team of regular "Joes" fighting back & making huge cash online one day at a time. dDawg as a team has been able to create a profit on the internet. http://www.str8junk.com


Cyber Terrorism: DDOS Attacks

Written by dDawg


Continued from page 1

A SYN attack simply buries its target by swamping it with TCP SYN packets. Each SYN packet demands a SYN-ACK response and causes the server to wait for the proper ACK in reply. Of course, the attacker never gives the ACK, or, more commonly, it uses a bad IP address so there's no chance of an ACK returning. This quickly hogties a server as it tries to send out SYN-ACKs while waiting for ACKs.

When the SYN-ACK queues fill up, the server can no longer take any incoming SYNs, and that's the end of that server until the attack is cleared up. The Land attack makes SYN one step nastier by using SYN packets with spoofed IP addresses from your own network.

There are many ways to reduce your chances of getting SYNed, including setting your firewall to block all incoming packets from bad external IP addresses like 10.0.0.0 to 10.255.255.255, 127.0.0.0 to 127.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255, as well as all internal addresses. But, as SCO discovered, if you throw enough SYN packets at a site, any site can still be SYNed off the net.
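The source-address filter described above, written out as an added example that is not from the article or from any firewall product. The four listed ranges are expressed as CIDR blocks; the internal prefix 203.0.113.0/24 (a documentation range) and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# The four source ranges listed in the text, written as CIDR blocks.
BLOCKED_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ingress_verdict(src, internal_nets):
    """Decide what a border filter does with a packet arriving from outside.

    src is the packet's claimed source address; internal_nets lists the
    site's own prefixes (an assumption of this example).
    """
    try:
        src_ip = ipaddress.ip_address(src)
    except ValueError:
        return "drop: malformed source"
    for net in BLOCKED_SOURCES:
        if src_ip in net:
            return "drop: source in %s" % net
    for net in internal_nets:
        if src_ip in ipaddress.ip_network(net):
            # Our own address arriving from outside is spoofed (Land-style).
            return "drop: internal source on external interface"
    return "accept"


# Constructed sample: claimed sources of SYN packets seen on the external
# interface of a site that owns 203.0.113.0/24 (a documentation prefix).
SAMPLE_SOURCES = [
    "10.1.2.3", "127.0.0.1", "172.31.255.255", "172.32.0.1",
    "192.168.0.5", "203.0.113.10", "198.51.100.7", "not-an-ip",
]


def run_sample():
    """Return (source, verdict) pairs for the constructed sample."""
    return [(s, ingress_verdict(s, ["203.0.113.0/24"])) for s in SAMPLE_SOURCES]


if __name__ == "__main__":
    for source, verdict in run_sample():
        print("%-16s %s" % (source, verdict))
```

The filter accepts 198.51.100.7 and 172.32.0.1 because they are ordinary routable addresses, whether or not the sender really owns them, which is why the text says this reduces the chance of being SYNed without removing it.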

Brute Force Attacks

Common brute force attacks include the Smurf attack and the User Datagram Protocol (UDP) flood. When you're Smurfed, Internet Control Message Protocol (ICMP) echo request packets, a particular type of ping packet, overwhelm your router. Making matters worse, each packet's destination IP address is spoofed to be your local broadcast address. You're probably already getting the picture. Once your router also gets into the act of broadcasting ICMP packets, it won't be long before your internal network is frozen.

A UDP flood works by someone spoofing a call from one of your system's UDP chargen programs. This test program generates semi-random characters for received packets with another of your network's UDP echo services. Once these characters start being reflected, your bandwidth quickly vaporizes.

Fortunately, for these two anyway, you can usually block them. With Smurfing, just setting your router to ignore broadcast addressing and setting your firewall to ignore ICMP requests should be all you need.

To dam up UDP floods, just block all non-service UDP service requests for your network. Programs that need UDP will still work. Unless, of course, the sheer volume of the attack mauls your Internet connection.

That's where the DDoS attack programs such as Tribe Force Network (TFN), Trin00, Trinity, and Stacheldraht come in. These programs are used to set DDoS attack agents in unprotected systems. Once enough of them have been set up in naïve users' PCs, the DDoS controller sets them off by remote control, burying target sites from hundreds or even thousands of machines.

Unfortunately, as more and more users add broadband connections without the least idea of how to handle Internet security, these kinds of attacks will only become more common.

Deflecting DDoS Attacks

So what can you do about DDoS threats? For starters, all the usual security basics can help. You know the drill: make sure you have a firewall set up that aggressively keeps everything out except legal traffic, keep your anti-viral software up to date so your computers do not become a home for DDoS agents like TFN, and keep your network software up to date with current security patches. This won't stop all DDoS attacks, but it will stop some of them like Smurfing.

You may not think you need these services, since in a worst-case scenario you're still going to get knocked off the net. But not every attack will be a massive one with thousands of attackers. For most attacks, these services can definitely help.

And, let's face it, today we have PCs on the net 24-7. With DDoS attacks on the rise, you'd be wise to at least familiarize yourself with DDoS prevention services. After all, it's not only your network in danger, it's your business.

 
ImproveHomeLife.com © 2005