Security Incidents mailing list archives
Re: DoS Attacks, Detecting the Source, and Service Providers
From: H C <keydet89 () yahoo com>
Date: Tue, 4 Feb 2003 12:44:06 -0800 (PST)
Hamid,
Maybe a newbie question, but I was wondering if back-tracing packets to its source is a service provider requirement? I mean if one of my hosts is being attacked, for example a simple ICMP DoS attack, what could I do if the service provider doesn't
cooperate? Requirement? Not hardly. If you're experiencing an attack, you can (a) configure your own systems (routers, f/ws) to protect against it, and (b) *ask* your ISP to do the same.
I was wondering if there are certain procedures to detect the source of attacks?
What attacks? Things like ICMP DoS and even UDP-based attacks like Slammer are relatively easy to spoof...TCP-based attacks (except for things like SYN flooding) are more difficult. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- DoS Attacks, Detecting the Source, and Service Providers Hamid (Feb 04)
- Re: DoS Attacks, Detecting the Source, and Service Providers james (Feb 04)
- RE: DoS Attacks, Detecting the Source, and Service Providers Rob Shein (Feb 05)
- Re: DoS Attacks, Detecting the Source, and Service Providers H C (Feb 05)