Security Incidents mailing list archives
Re: DoS "Probing" on one of our hosts
From: Christopher Kunz <chrislist () de-punkt de>
Date: Mon, 30 Jun 2003 18:47:14 +0200
King, Brian wrote:
Without any idea of what kind of traffic it was, I would not assume anything. For one thing, can you prove that the traffic was externally generated? Looking at how aggressively slammer scanned, I would not discount that the traffic could be generated by a worm within your network. Without knowing the destination of the "DOS" packets, you can't tell if it was a routing mess-up that sent a torrent of data to you.
I can discount that. The traffic is inbound on the switch to our network segment, so it is at least not generated inside our rack.
Then again, it could be someone on your internal network probing to see how much they can slow down Yahoo using your bandwidth.
I don't get that. If someone would be using my bandwidth, how come I see 100 mbit INBOUND, not OUTBOUND?

To clarify all this a bit, I have uploaded our uplink provider's rrdtool image for the last 24 hours to http://www.christopher-kunz.de/images/dos_1.png

The other two spikes are very similar in height and length.

--ck

--
php development | hosting | housing | professional game server hosting
http://www.de-punkt.de [ chris () de-punkt de ] http://www.stormix.de
+49 511 1237504 | +49 511 1237505 | laportestr. 2a, 30449 hannover.de
Filoo at Linuxtag 2003 (F15) - http://www.de-punkt.de/lt2003.php