Security Incidents mailing list archives

Re: Help in flood


From: "Guido Bolognesi [ Zen ]" <zen () kill-9 it>
Date: Wed, 1 Oct 2003 14:24:35 +0200

On Mon, Sep 29, 2003 at 03:43:15PM -0000, Mauro Marazzi wrote:
> We have had a flood, described below, on a Red Hat 7.3 system with BIND 9 (it is a DNS server). Bandwidth consumption
> about 30Mbps. What kind of attack is it? And how to prevent it?

        While I can't comment on the type of attack, I suggest you
        contact your upstream provider[1] to get the traffic filtered, if
        it's coming from a single or a small number of hosts.
        If it's distributed/spoofed, things can get really bad.

        In the meantime, you can try to contact the provider on the
        other side directly, asking to verify and, if that's the case,
        filter the traffic on his side.

[1] Colt Telecom, it seems.

ciao,
-- 
My home isn't cluttered; it's "passage restrictive."
zen () kill-9 it . Geek . And proud of it .
http://www.kill-9.it/jargon/html/entry/zen.html
