nanog mailing list archives
Re: NANOG meeting subject of attack? Hmmmm....
From: Travis Pugh <tpugh () shore net>
Date: Wed, 9 Feb 2000 20:21:28 -0500 (EST)
On the subject of cooperation, has anyone set out to catalog where these attacks are coming from, at least in terms of compromised networks, and share said information? I know similar catalogs sprang up in response to smurfs ... is it time to start listing offending networks? Even better, does anyone know if the attacks are using something like TFN2K and using dummy addresses to obfuscate real attacking hosts? I see a lot of talk of attacked sites putting up router filters to stop attacks. Can anyone who knows let the rest of us in on what was filtered ... was Yahoo taken down with a flood of HTTP GETs, ICMP, UDP, SYN floods, or what? If this is a DDoS, the attack could probably be fingerprinted ... this would be very useful information if we are going to see more tomorrow. Do we know if the source addys are spoofed, and if an attacker could turn off spoofing, revealing the source of the traffic but getting around some filtering? I am making the assumption that the last three days' attacks were caused by the same person or persons. But the intent is the same regardless ... we can all go back and forth on NANOG about what might be happening, and wait for the feds to chase down the attacker(s), or people who have been attacked or might be attacked can compare notes and try to get an idea of where the attacks are coming from and exactly what they are. Any relevant info would be appreciated. Nobody knows who is next. -travis On Wed, 9 Feb 2000, Joe Shaw wrote:
Make it a law, and they will. But I don't think laws are the answer to cooperation. The Tier1's should take the time to work together on their own before they are forced to in a way they may not like. -- Joseph W. Shaw - jshaw () insync net Computer Security Consultant and Programmer Free UNIX advocate - "I hack, therefore I am." On Wed, 9 Feb 2000, Henry R. Linneweh wrote:they should be made to co-operate with the backbone provider and not have much choice in the matter.
Current thread:
- Re: NANOG meeting subject of attack? Hmmmm...., (continued)
- Re: NANOG meeting subject of attack? Hmmmm.... Christian Nielsen (Feb 08)
- Re: NANOG meeting subject of attack? Hmmmm.... Charles Sprickman (Feb 08)
- Re: NANOG meeting subject of attack? Hmmmm.... Craig A. Huegen (Feb 08)
- Re: NANOG meeting subject of attack? Hmmmm.... Forrest W. Christian (Feb 08)
- Re: NANOG meeting subject of attack? Hmmmm.... Paul Ferguson (Feb 09)
- Message not available
- Re: NANOG meeting subject of attack? Hmmmm.... Paul Ferguson (Feb 09)
- Re: NANOG meeting subject of attack? Hmmmm.... Charles Sprickman (Feb 08)
- Re: NANOG meeting subject of attack? Hmmmm.... Christian Nielsen (Feb 08)
- Re: NANOG meeting subject of attack? Hmmmm.... Shawn McMahon (Feb 09)
- Re: NANOG meeting subject of attack? Hmmmm.... Dan Hollis (Feb 09)
- Re: NANOG meeting subject of attack? Hmmmm.... Henry R. Linneweh (Feb 09)
- Re: NANOG meeting subject of attack? Hmmmm.... Joe Shaw (Feb 09)
- Re: NANOG meeting subject of attack? Hmmmm.... Travis Pugh (Feb 09)
- Re: NANOG meeting subject of attack? Hmmmm.... Dan Hollis (Feb 09)
- Re: NANOG meeting subject of attack? Hmmmm.... Joe Shaw (Feb 09)
- Re: NANOG meeting subject of attack? Hmmmm.... Wayne Bouchard (Feb 09)
- Message not available
- Re: NANOG meeting subject of attack? Hmmmm.... Hank Nussbacher (Feb 10)
- Re: NANOG meeting subject of attack? Hmmmm.... Randy Bush (Feb 09)
- Re: NANOG meeting subject of attack? Hmmmm.... robert (Feb 09)