DoS attack or not?
by Superskull85 - 5/17/13 4:08 PM
For the last week I have been having problems with Internet connectivity inside a small network I manage. It just recently occurred to me that my problems may not be internal (as in problems with routers, switches, etc.) but instead may be because of a DoS attack.
I am not currently inside the network to run tests and I don't have a whole lot of experience dealing with larger scale attacks. I would rather my problems not be because of a DoS attack so I am hoping that by posting this topic I may get some other probable causes. I will only provide information as long as it does not compromise the network.
Let me start with some symptoms. Using a static IP address, Internet connectivity will stay up anywhere from 1-3 hours at a time. During the time connectivity is available it could go down for 5-10 minutes a couple of times until connectivity is lost until I restart the network. Once the network is restarted connectivity is restored and all traffic (inbound and outbound) goes and comes successfully.
If I change IPs, update DNS records with my domain and restart the network, connectivity will be restored for about 24 hours until connectivity is again lost.
If I change IPs but do not update DNS records with my domain I can maintain connectivity for an extended period of time. This usually works best with a dynamic IP setup.
I originally thought this was an issue with our main router. I updated the firmware after reading a note about older versions not reliably obtaining an IP from ISPs (it was a very summarized note). That did not solve the issues and connectivity went down again within about 1 hour. After that downtime I switched to a backup router and that too went down but within 2 hours.
Internal connectivity never drops and after consulting with my ISP (on another issue, somewhat related) they were able to ping my modem but would have some packet loss with our network connected. When our network is not connected they can ping the modem and get zero packet loss.
After fiddling with the networking equipment I began thinking about DoS attacks. My issues seem to fit a DoS attack but the packet issue I described last makes me think otherwise.
So can anyone provide another possible reason for these symptoms? I can provide more information as long as it does not compromise the network. I am not physically within the network at the moment so I may not be able to run tests and such.
Any suggestions would be appreciated.