Security Incidents mailing list archives
Re: could be slice?
From: Guilherme Mesquita <guy () linuxbr com br>
Date: Sat, 16 Dec 2000 21:00:20 -0200
Unfortunately you'll only be able to avoid this kind of attack using a powerful filter in your gateway but you must be careful: this need to be if possible, in your backbone. You won't be able to protect yourself from your own box. But you can also check the option for TCP_SYN_COOKIES in your kernel. This might help with excessive memory usage with TCP connections (this is one of the effects those DoS SYN/ACK tools cause) Well I think that's it. IPCHAINS isn't enough for this... On Mon, 11 Dec 2000, Andrita Constantin wrote:
Date: Mon, 11 Dec 2000 11:52:19 +0200 To: INCIDENTS () SECURITYFOCUS COM From: Andrita Constantin <aconstantin () EXPERT RO> Reply-To: Andrita Constantin <aconstantin () EXPERT RO> Sender: Incidents Mailing List <INCIDENTS () SECURITYFOCUS COM> Subject: could be slice? Hello For two weeks now I'm facing a problem with floods almost on a daily basis. I get 3000 and more TCP SYN connections from random hosts. I've been told that this might be generated by a tool called slice. Can somebody point me in the right direction to find out how can I trace the flooder? Or can I do something to prevent/stop these attacks? Regards Andrita Constantin ------------------------------------------------ Is it progress if a cannibal uses a knife and fork?
-- .--------------------. | Guilherme Mesquita | | guy () linuxbr com br | | UIN # 5864338 | `--------------------'
Current thread:
- could be slice? Andrita Constantin (Dec 12)
- Re: could be slice? Guilherme Mesquita (Dec 17)
- Re: could be slice? Ryan Sweat (Dec 17)
- Strange Scan TJ Jablonowski (Dec 18)
- Re: Strange Scan Glenn Williamson (Dec 18)
- Re: Strange Scan geoff (Dec 18)
- Re: could be slice? Ryan Sweat (Dec 17)
- Re: could be slice? Guilherme Mesquita (Dec 17)