![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: Denial of service attacks apparently from UUNET Netblocks
From: Barney Wolff <barney () databus com>
Date: Wed, 8 Oct 1997 17:57 EDT
Let me try again, since it seems I wasn't clear enough. There's been a lot of delightful talk about whether/how to retrieve the calling phone on a given port. But none about how to determine with confidence which port the nasty packets come from. Without source address assurance, any user on any port of any dialin box can source packets with any IP address(es) desired. So you don't know which port to go get ANI/CLID for. What is also not explained is how to produce multi-megabit streams from dialup. MP? Multiple independent calls? Ping to broadcast with faked source address? Or was the attack not from dialup at all? In other words, I don't know why this attack generated a debate about ANI/CLID. Barney Wolff
Date: Wed, 8 Oct 1997 10:33:16 -0500 (CDT) From: Joe Shaw <jshaw () insync net> To: Barney Wolff <barney () databus com> Cc: nanog () merit edu Subject: Re: Denial of service attacks apparently from UUNET Netblocks Content-Length: 1151 On Tue, 7 Oct 1997, Barney Wolff wrote:Date: Tue, 7 Oct 1997 12:04:27 -0400 (EDT) From: Alex Przekupowski <oop () idt net> On the MAX's that I have set up, I log that info to syslog (Local 7), and can pull it up at will. If you need a hand, just let me know. By combining the syslog output, and the RADIUS accounting logs, we can definately prove at least the home address of the attacker.How are you providing source address assurance, on either a MAX or a TNT? My understanding, which may well be flawed, is that the only way is with a filter. I have heard claims, which may also be flawed, that filters have a severe performance impact on MAX and TNT. Without source address assurance, how do you know that the packets are actually coming from the user who was assigned that address at that time? Barney Wolff <barney () databus com>What he means is that he can provide the number of the person who dialed into his equipment. That information can be given to you on your PRI, and reported in both radius accounting and syslog. Joe Shaw - jshaw () insync net NetAdmin - Insync Internet Services
Current thread:
- Re: Denial of service attacks apparently from UUNET Netblocks, (continued)
- Re: Denial of service attacks apparently from UUNET Netblocks Karl Denninger (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Joe Shaw (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Karl Denninger (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Joe Shaw (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks Sharif Torpis (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Dale Drew (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks Alex "Mr. Worf" Yuriev (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Justin W. Newton (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks John A. Tamplin (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks Matthew V. J. Whalen (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks John A. Tamplin (Oct 08)
- Message not available
- Re: Denial of service attacks apparently from UUNET Netblocks Jay R. Ashworth (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks John A. Tamplin (Oct 08)
- Message not available
- Re: Denial of service attacks apparently from UUNET Netblocks Jay R. Ashworth (Oct 08)