Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

DoS yesterday

From: "Dmitri Smirnov" <Dmitri.Smirnov () roundheaven com>
Date: Tue, 26 Mar 2002 13:24:00 -0800
Hello,

yesterday we've got about 150,000 HTTP requests with diff. source IPs (121,000 unique) to a single host in 2-5 mins. 
interval.
According to logs all source IPs are spoofed. 
Almost each HTTP request produced an ICMP connection from spoofed IP (port unreach, network unreach, etc).

It looks like a probe before a serious DoS attack. 

Does it looks like a new DoS tool? 

What could you recommend to do?

Where is no way to find out a mastermind since attack was short, isn't it?

Dmitri Smirnov, SSCP



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: