Security Basics mailing list archives

RE: DOS Attack?

From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Mon, 29 Nov 2004 13:53:01 -0000

Shaun

Have you consider the possibility it's the internal host connecting to
the external server?

A Trojan (et al)?

Try SHOW IP INSECT SESSION

See how the connections are being made.

(Be care full posting such dumps as they can give a lot away!)

Andy 

-----Original Message-----
From: Shawn Wall [mailto:sjwall () shaw ca] 
Sent: 25 November 2004 02:23
To: security-basics () securityfocus com
Subject: DOS Attack?

Hi List,

I'm currently experiencing network outages due to what appears to be DOS
attacks. I'm running a wireless ISP using a Cisco 2611 and CBAC and I
have a
/24 public address range. During the outage I can see traffic from a
single
external host sending thousands of packets to a single internal host. I
don't have port 80 inbound open in my ACLs so I don't understand how the
external host is even able to contact the internal host to begin with.
Secondly, how is it possible for an attack on 1 internal host to cripple
the
rest of my network? Any feedback would be welcome. Thanks.

shawn

Current thread:

DOS Attack? Shawn Wall (Nov 26)
- Re: DOS Attack? Suramya Tomar (Nov 26)
- Re: DOS Attack? Mario Pascucci (Nov 27)
- Re: DOS Attack? Juan Carlos Jimenez Jamett (Nov 27)
- Re: DOS Attack? Anthony Boynes (Nov 27)
- RE: DOS Attack? David Gillett (Nov 29)
- <Possible follow-ups>
- RE: DOS Attack? David Gillett (Nov 29)
- RE: DOS Attack? Andrew Shore (Nov 29)