Which action should an incident responder avoid while restoring the network after a DoS/DDoS attack?

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

An incident responder should avoid stopping the Border Gateway Protocol (BGP) when restoring the network after a DoS/DDoS attack because BGP is critical for routing traffic between networks on the internet. Stopping BGP can lead to significant disruptions in network communication, as it may prevent the proper routing of data to and from the affected network. This can exacerbate the impact of the attack, potentially isolating the organization from other networks and causing additional downtime.

By keeping BGP operational, responders can focus on mitigating the effects of the attack without further complicating the network infrastructure or hindering recovery efforts. In contrast, reinstalling the operating system, resetting network devices, or changing security policies may be necessary steps to eliminate any backdoors or vulnerabilities exploited during the attack and to strengthen the network's overall security posture after the incident. However, BGP must remain functional to ensure that traffic can flow appropriately during recovery.
