nanog mailing list archives
Re: Security Guideance
From: Bill Stewart <nonobvious () gmail com>
Date: Wed, 24 Feb 2010 17:54:28 -0800
On Tue, Feb 23, 2010 at 11:46 AM, Paul Stewart <pstewart () nexicomgroup net> wrote:
> The problem is that a user on this box appears to be launching high traffic DOS attacks from it towards other sites. These are UDP based floods that move around from time to time - most of these attacks only last a few minutes.
Do the UDP floods have source-addresses that belong to your machine, or are they spoofed? Make sure you block that noise; depending on the applications the users think they've implemented, do you need to allow any outbound UDP other than 53?

Can you move the users onto virtual machines instead of real ones? That can make it easier to isolate the problem users, or at least to cram an IDS in front of it.

--
----
Thanks; Bill

Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.
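
One way to express the egress policy suggested in the message above, as an added example that is not part of the original post: drop packets whose source address is not the box's own, allow outbound UDP only to port 53, and log the rest with the sending UID so the responsible account can be identified. It assumes a Linux host using iptables and that DNS to a single resolver is the only outbound UDP the users need; the function names and the addresses 192.0.2.10 and 192.0.2.53 are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the host's OUTPUT chain.
# Assumes a Linux box whose only required outbound UDP is DNS to one resolver.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# egress_rules HOST_ADDR RESOLVER_ADDR: write the ruleset to stdout.
egress_rules() {
    if ! valid_ipv4 "$1" || ! valid_ipv4 "$2"; then
        echo "usage: egress_rules HOST_ADDR RESOLVER_ADDR" >&2
        return 1
    fi
    cat <<EOF
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
# A source address that is not the box's own is spoofed: log it, drop it.
-A OUTPUT ! -s $1 -m limit --limit 6/min -j LOG --log-prefix "egress-spoof: " --log-uid
-A OUTPUT ! -s $1 -j DROP
# DNS to the resolver is the only outbound UDP let through.
-A OUTPUT -p udp -d $2 --dport 53 -j ACCEPT
# Any other outbound UDP: log with the sending UID (--log-uid), then drop.
-A OUTPUT -p udp -m limit --limit 6/min -j LOG --log-prefix "egress-udp: " --log-uid
-A OUTPUT -p udp -j DROP
COMMIT
EOF
}

# Run as a script: sh egress.sh 192.0.2.10 192.0.2.53  (constructed addresses)
if [ $# -eq 2 ]; then
    egress_rules "$1" "$2"
fi
```

The output can be checked with `iptables-restore --test` before it is loaded; the kernel log lines tagged `egress-udp:` then carry the UID of the account sending the dropped traffic.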