Security Incidents mailing list archives

DoS attack

From: "Jason Robertson" <jason () ifuture com>
Date: Mon, 18 Feb 2002 19:33:00 -0500

I just thought I would let everyone else know about this 

We have been receiving, over the past 2 days UDP DoS against our 
network, though I have had this blocked upstream, and now the x.x.x.28 
is now null routed, it has not stopped with the UDPs actually the 
upstream has found more sources now since then.

Anyways, the current stats from the section of the logs that I have, 
give me > 205000 packets between 15:56 and 18:40, though this has 
continued since then, so it's probably in the millions by now or worse.

Feb 17  15:56:14        216.18.48.122   42: %SEC-6-IPACCESSLOGP: list e-inbound 
denied udp 194.47.153.20(1249) -> x.x.x.28(113), 122 packets
--
Jason Robertson                
Now at the Nation Research Council.



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Slow SNMP scan... Jay Quinby (Feb 15)
- Re: Slow SNMP scan... Jim Watt (Feb 16)
  - Re: Slow SNMP scan... Borja Marcos (Feb 18)
    - Re: Slow SNMP scan... Russell Fulton (Feb 20)
  - Re: Slow SNMP scan... Borja Marcos (Feb 18)
    - Re: Slow SNMP scan... Jim Watt (Feb 18)
  - DoS attack Jason Robertson (Feb 18)