Security Incidents mailing list archives
re: DoS "Probing" on one of our hosts
From: Harlan Carvey <keydet89 () yahoo com>
Date: Sun, 29 Jun 2003 16:27:03 -0700 (PDT)
Chris,

A couple of quick questions for clarification...

> So far, we've yet to determine even the most basic
> stuff

First, if you don't even have "the most basic stuff", how do you know that this was a DoS attack? Could it have been a network outage, perhaps from the ISP?

Second, by definition, a probe and a DoS attack are two wildly disparate events.

> is there any tool to determine the source IPs of the
> attack (even if they're spoofed,

I'm not sure that you're really aware of what you're asking.

> Snort sits on the attacked host and happily reports SQL/Slammer and other trivial stuff, but goes
> through
> one of the attacks without picking any signatures
> up.

Snort takes action based on its signatures...therefore, this "attack" would not have been logged if the signatures for it were not in the snort config file.

I'm very interested to see what information you can provide on this event, to show that it was, in fact, a DoS attack.

Thanks,

Harlan