Security Basics mailing list archives
RE: DOS Attack?
From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Mon, 29 Nov 2004 13:53:01 -0000
Shaun Have you consider the possibility it's the internal host connecting to the external server? A Trojan (et al)? Try SHOW IP INSECT SESSION See how the connections are being made. (Be care full posting such dumps as they can give a lot away!) Andy -----Original Message----- From: Shawn Wall [mailto:sjwall () shaw ca] Sent: 25 November 2004 02:23 To: security-basics () securityfocus com Subject: DOS Attack? Hi List, I'm currently experiencing network outages due to what appears to be DOS attacks. I'm running a wireless ISP using a Cisco 2611 and CBAC and I have a /24 public address range. During the outage I can see traffic from a single external host sending thousands of packets to a single internal host. I don't have port 80 inbound open in my ACLs so I don't understand how the external host is even able to contact the internal host to begin with. Secondly, how is it possible for an attack on 1 internal host to cripple the rest of my network? Any feedback would be welcome. Thanks. shawn
Current thread:
- DOS Attack? Shawn Wall (Nov 26)
- Re: DOS Attack? Suramya Tomar (Nov 26)
- Re: DOS Attack? Mario Pascucci (Nov 27)
- Re: DOS Attack? Juan Carlos Jimenez Jamett (Nov 27)
- Re: DOS Attack? Anthony Boynes (Nov 27)
- RE: DOS Attack? David Gillett (Nov 29)
- <Possible follow-ups>
- RE: DOS Attack? David Gillett (Nov 29)
- RE: DOS Attack? Andrew Shore (Nov 29)