Security Incidents mailing list archives
Re: Help in flood
From: "Guido Bolognesi [ Zen ]" <zen () kill-9 it>
Date: Wed, 1 Oct 2003 14:24:35 +0200
On Mon, Sep 29, 2003 at 03:43:15PM -0000, Mauro Marazzi wrote:
> We have had a flood described below on a Red Hat 7.3 system with BIND 9 (it is a DNS server). Bandwidth consumption about 30Mbps. What kind of attack is it? And how to prevent it?

While I can't comment on the type of attack, I suggest you contact your upstream provider[1] to get the traffic filtered, if it's coming from a single or a small number of hosts. If it's distributed/spoofed, things can get really bad.

In the meantime, you can try to contact the provider on the other side directly, asking them to verify and, if it's the case, filter the traffic on his side.

[1] Colt Telecom, it seems.

ciao,
--
My home isn't cluttered; it's "passage restrictive."
zen () kill-9 it . Geek . And proud of it . http://www.kill-9.it/jargon/html/entry/zen.html