What kind of router? ...and what kind of net connection do you have? There is a lot that you can do, but more information is needed to help you. (How are you sending email now?)
If it is a Cisco router you can check and see what's going on right there on the router. If the router can reach out then you problem might be internal LAN problem. You can also ping between your internal lan hosts to see if they can reach each other. If not you need to do a divide-and-conquer on the internal LAN hub(s) and/or switch(es). Try: ping <ip address> (where "<ip address>" is an ip address you know that is good. If DNS resolution works you can "ping www.yahoo.com" or such. A good ip to ping is your ISP's end of your Internet connection. In other words your ISP's router ip.) Check and see if your line protocol is up on the router. Try: show ip int br (to see what interfaces you have for ip) show int s0 (an example, assuming your interface to the world was Serial 0 or "s0") That should output something like: Serial0 is up,line protocol is up (and a whole lot more stuff, but the most important is the interface is UP or DOWN and the line protocol is UP or DOWN. If it's down it may be time to call your chief network guy or call your ISPs Network Operation Center.) You can "bounce" and interface by taking it down manually and then bringing it back up again... (Cisco - you need "enable" password) ena Password: ***** Cisco# conf t Cisco(Config)# int s0 Cisco(Config-if)# shutdown (then count to 10 or 20) Cisco(Config-if)# no shutdown Cisco(Config-if)# ^Z (control-z) (then try the show int s0 again...) P.S. If you suspect a DoS attack, you need to find out what kind of DoS attack it is/was. One old typical one was the Smurf ... which can be prevented by not allowing directed broadcasts. I have lived through some Smurf attacks myself on a small/mid sized network. If you have LAN switches such as 3com or Cisco, you will see the activity lights on the switches throb as you are inundated with directed broadcasts which every one of your hosts responds to. I you don't have a firewall ... you should consider one. Routers can also be configured with "access-list"s to act as sort of a firewall. ------------------------------------------- Alan G. Spicer - CCNA |Unix, Linux, & ([EMAIL PROTECTED]) |Network Systems http://aspicer.dns2go.com/ |Administration ([EMAIL PROTECTED]) | ------------------------------------------- Visions of Fiber Optic Sugar Plums Dance in your Head. ------------------------------------------- -----Original Message----- From: Tom Le [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 17, 2001 1:13 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: recover from possible DOS attack! Gavin, Try doing a traceroute to your router's IP address and see if you can connect. You can use one of the traceroute servers on traceroute.org, or one of my favorites is http://visualroute.visualware.co.uk/ which gives you a visual view and more info on performance, any blocked traffic, etc. Tom | -----Original Message----- | From: Gavin [mailto:[EMAIL PROTECTED]] | Sent: Wednesday, October 17, 2001 8:13 PM | To: [EMAIL PROTECTED] | Subject: recover from possible DOS attack! | Importance: High | | | Help! | | I work at a small company and for the last 4 days our small network (4 | computers!!!) could not and still can not get online, I told my | boss it might | be a DOS (Denial of service) attack. all the files seem to be OK | but I just | cant get donline, Question, how do you recover from this type of | attack?? | | The OS's are Windows ME and windows 2000 the other boxes are | linux (Mandrake | and RedHat) all connected via a router. My friend told me to | just reset the | router connection (internet connection) and all will be well, | but I just want | some expert advice before doing so. I hope to hear from someone soon. | | Sincerely | | Operator (Gavin) | Fukushimaken, Fukushima City | Japan |
