Firewall Wizards mailing list archives
Re: Recent Attacks
From: blyonpop () theshell com
Date: 23 Feb 2000 09:21:57 -0000
On Fri, 18 Feb 2000, Randy B. Samos wrote:
From: "Barrett G. Lyon" <blyon () theshell com>*snip*Is my network disrupted by this attack, and if so should I remove whatever it is that the attacker wants offline? If by removing the target will the attacker stop and if so will this keep my other services online? [ I have found by removing the target the attacker stops nearly immediately. ]*snip* Hmmm. If the object of the attack was a DOS, wouldn't you be helping the attacker reach his/her goals by taking the machine down yourself?
Yes this is the general idea. If the DoS attack is saturating the bandwidth that many other services depend on, perhaps it is a good idea to have the service that is under attack offline in-order to save the rest? A good example would be that if someone is attacking customer's web site, it may be feasible to take that web site temporally offline in the hopes that the attacker will stop the attack. I would consider this a better alternative than having all customers offline. Granted this is not something you do in all cases but it can help in some events. In non-spoofed attacks it is also handy because if the target system is not reachable then some sort of ICMP unreachable will be sent back to the attacking host possibly ending the attack. -Barrett Barrett G. Lyon (NJS) Network Janitor Specialist Have fun: www.AlphaLinux.org [Q]: Hey, do they test this stuff before it's released? [A]: Sure they do... "It compiles, it's ready!"
Current thread:
- Re: Recent Attacks, (continued)
- Re: Recent Attacks Ryan Russell (Feb 21)
- Re: Recent Attacks Crispin Cowan (Feb 21)
- RE: Recent Attacks Joseph Judge (Feb 21)
- Re: Recent Attacks Randy B. Samos (Feb 21)
- Re: Recent Attacks Barrett G. Lyon (Feb 23)
- Re: Recent Attacks Transistor Sister (Feb 21)
- Re: Recent Attacks ark (Feb 21)
- Re: Recent Attacks ark (Feb 21)
- Re: Recent Attacks daN. (Feb 24)
- Re: Recent Attacks David LeBlanc (Feb 23)
- Re: Recent Attacks blyonpop (Feb 23)
- Re: Recent Attacks ark (Feb 24)
- Re: Recent Attacks Paul D. Robertson (Feb 24)
- Re: Recent Attacks Matthew_S_Cramer (Feb 24)
- Re: Recent Attacks David LeBlanc (Feb 24)
- Re: Recent Attacks Darren Reed (Feb 24)
- Re: Recent Attacks Darren Reed (Feb 24)
- Re: Recent Attacks Crispin Cowan (Feb 24)
- Re: Recent Attacks Paul D. Robertson (Feb 24)
- RE: Recent Attacks David LeBlanc (Feb 24)