Security Incidents mailing list archives
DoS yesterday
From: "Dmitri Smirnov" <Dmitri.Smirnov () roundheaven com>
Date: Tue, 26 Mar 2002 13:24:00 -0800
Hello, yesterday we've got about 150,000 HTTP requests with diff. source IPs (121,000 unique) to a single host in 2-5 mins. interval. According to logs all source IPs are spoofed. Almost each HTTP request produced an ICMP connection from spoofed IP (port unreach, network unreach, etc). It looks like a probe before a serious DoS attack. Does it looks like a new DoS tool? What could you recommend to do? Where is no way to find out a mastermind since attack was short, isn't it? Dmitri Smirnov, SSCP ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- DoS yesterday Dmitri Smirnov (Mar 26)