Security Incidents mailing list archives
Re: Timing of DoS and Intrusion attempts.
From: Brian Mitchell <brian () atlanta-bsd org>
Date: Mon, 28 May 2001 15:40:54 -0400 (EDT)
On Mon, 28 May 2001, Patrick Andry wrote:
> I am trying to get a profile of a typical DoS and intrusion attempt, and would like input on the times which these attacks occur. Invariably they will follow Murphy's Law, being when the administrators are gone home for the night, or stuck in an elevator, and I understand that the Internet is a 24/7 Superstore, but there must be some correlation to the timing of these attacks.
Remember, there are three kinds of lies: lies, damn lies, and statistics. That said, there is a lot of work that could be done in this area. I think a large-scale time-based statistical study would be interesting; the problem is how to get a large enough sample size of data. In many cases, the victim does not really know when the attack took place. Unsuccessful intrusion detection logs are another possibility. Also, time of year is relevant too, along with weekend/holiday vs normal business day. There are a large number of factors which should be considered.
> Assuming we can find some form of correlation between the time of the attack on both the target computer and the source computer, the possible damage (a DoS attack is not as effective when your target audience is asleep), and the type of attack, it may make it easier to guess where the
This, I tend to disagree with. DoS attacks are typically sustained attacks. When a sustained attack starts is probably not really relevant; I tend to think it would not be during main business hours, though.
> attacker originated from, if they are relaying through a server somewhere else, etc...
Maybe. Have you read Firewalls & Internet Security and/or the papers relating to the attack it discusses? They might be interesting, if somewhat dated.