Security Incidents mailing list archives
Re: streams of fragments...
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Thu, 19 Jul 2001 10:06:32 +1200 (NZST)
On Wed, 18 Jul 2001 12:23:36 -0300 (ADT) Gamble <a629w () unb ca> wrote:
This sounds like a DOS attack. By sending you many fragmented packets the attacker could consume a lot of the memory on your machine. You could counter this by blocking all IP fragments on your firewall, but that would also prevent legitimate activities. The attacker is most likly spoofing the IP addresses which you are seeing, so if it is a DOS, tracking it down will be difficult.
No, the packet rate is far too slow -- in the order of packet per hour. Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- streams of fragments... Russell Fulton (Jul 17)
- Re: streams of fragments... Gamble (Jul 18)
- Re: streams of fragments... Jose Nazario (Jul 18)
- Re: streams of fragments... Dug Song (Jul 18)
- Re: streams of fragments... Russell Fulton (Jul 18)
- Re: streams of fragments... Jose Nazario (Jul 18)
- Re: streams of fragments... Burak DAYIOGLU (Jul 18)
- <Possible follow-ups>
- RE: streams of fragments... Portnoy, Gary (Jul 18)
- RE: streams of fragments... Rich Ostergard (Jul 18)
- Re: streams of fragments... Gamble (Jul 18)