Re: New Denial of Service Attack on Panix

["Mark A. Fullmer" <maf () net ohio-state edu>]

Paul A Vixie writes:

> If Cisco routers had TCPDUMP capability this would be a lot simpler.  If
> all the routers in the universe had TCPDUMP, and all the router operators
> had eachother's phone numbers, we could track this to the source in less
> than five minutes.  Alas, the misfit teenagers of the underworld have
> caught us without any of the tools we need be able to track this down.

The attacks will show up in Cisco netflow switching exports though.

ftp://ftp.net.ohio-state.edu/users/maf/priv/flow.tar is the start
of a toolkit.

-- 
mark
- - - - - - - - - - - - - - - - -