Security Incidents mailing list archives

Re: DoS Attacks, Detecting the Source, and Service Providers


From: H C <keydet89 () yahoo com>
Date: Tue, 4 Feb 2003 12:44:06 -0800 (PST)

Hamid,

> Maybe a newbie question, but I was wondering if back-tracing packets to their
> source is a service provider requirement? I mean if one of my hosts is being
> attacked, for example a simple ICMP DoS attack, what could I do if the service
> provider doesn't cooperate?

Requirement?  Not hardly.  If you're experiencing an attack, you can (a) configure your own systems (routers, f/ws) to protect against it, and (b) *ask* your ISP to do the same.

> I was wondering if there are certain procedures to detect the source of attacks?

What attacks?  Things like ICMP DoS and even UDP-based attacks like Slammer are relatively easy to spoof...TCP-based attacks (except for things like SYN flooding) are more difficult.


