Security Incidents mailing list archives
Re: DoS "Probing" on one of our hosts
From: Christopher Kunz <chrislist () de-punkt de>
Date: Mon, 30 Jun 2003 18:47:50 +0200
Edward Balas wrote:
Depends on the nature of the attack, from what I have seen this is not uncommen. Ive seen this type agaist IRC servers quite often.
Yeah, that is pretty usual - you want a server, specifically a node server, to lose its link with the other servers to "split" the network and be able to splitride your way into becoming op in your target channel(s). We don't run IRC services, however.
If you have access to the netflow accounting data for the routers, thenyou can backtrace the traffic to the incomming network. Or if you dont, your ISP may. They probably wont be interesting in helping backtrack this given the short duration.
I second. They seem to be used to real attacks going over days (to take down one of the many shell providers housed in the same data center) and don't take action for short spikes. They would, however, have filtered the source IPs on their border routers, but that's no good if you either don't know the source or have to suspect it is spoofed. --ck -- php development | hosting | housing | professional game server hosting http://www.de-punkt.de [ chris () de-punkt de ] http://www.stormix.de +49 511 1237504 | +49 511 1237505 | laportestr. 2a, 30449 hannover.de Filoo auf dem Linuxtag 2003 (F15) - http://www.de-punkt.de/lt2003.php ----------------------------------------------------------------------------Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com
----------------------------------------------------------------------------
Current thread:
- DoS "Probing" on one of our hosts Christopher Kunz (Jun 29)
- Re: DoS "Probing" on one of our hosts Chris Calvert (Jun 30)
- Re: DoS "Probing" on one of our hosts Christopher Kunz (Jun 30)
- Re: DoS "Probing" on one of our hosts Edward Balas (Jun 30)
- Re: DoS "Probing" on one of our hosts Christopher Kunz (Jun 30)
- <Possible follow-ups>
- re: DoS "Probing" on one of our hosts Harlan Carvey (Jun 30)
- Re: DoS "Probing" on one of our hosts Christopher Kunz (Jun 30)
- RE: DoS "Probing" on one of our hosts Donald Voss (Jun 30)
- Re: DoS "Probing" on one of our hosts Christopher Kunz (Jun 30)
- Re: DoS "Probing" on one of our hosts Christopher Kunz (Jun 30)
- Re: DoS "Probing" on one of our hosts Chris Calvert (Jun 30)
- RE: DoS "Probing" on one of our hosts Keith T. Morgan (Jun 30)
- RE: DoS "Probing" on one of our hosts King, Brian (Jun 30)
- Re: DoS "Probing" on one of our hosts Christopher Kunz (Jun 30)
- RE: DoS "Probing" on one of our hosts Cook, Christopher S. (Jun 30)
- RE: DoS "Probing" on one of our hosts Harlan Carvey (Jun 30)
- RE: DoS "Probing" on one of our hosts Stone, Alexander (Jun 30)