FW: [INFRAGARD-ATLANTA] DoS on cisco.com

["Paul Farley" <Paul.Farley () EventLevel com>]

FYI- Received from InfraGard

Regards,

Paul Farley
GCIA, CISSP, RHCE, CIFI
EventLevel, Inc.
www.eventlevel.com
678-429-2716

-----Original Message-----
From: Steve Edwards [mailto:Steve.Edwards () GBI STATE GA US] 
Sent: Tuesday, October 07, 2003 09:18
To: INFRAGARD-ATLANTA () LISTSERV CC EMORY EDU
Subject: [INFRAGARD-ATLANTA] DoS on cisco.com


The following information provided through InfraGard Atlanta:
infragard.atlanta () fbi gov
www.infragardatlanta.org

Cisco.com is under a DoS attack and asks for the following assistance from
network administrators.

-----Original Message-----
From: Roland Dobbins [mailto:rdobbins () cisco com]
Sent: Monday, October 06, 2003 4:02 PM
To:
Subject: CCO/cisco.com issues.




Folks,

We've been handling a multi-vector DDoS - 40-byte spoofed SYN-flooding
towards www.cisco.com (198.133.219.25/32) as well as an HTTP-AUTH
resource-exhaustion attack, and working these issues with our
upstreams.  Our apologies for any inconveniences, and our thanks to
those who've assisted in tracing and blocking the spoofed traffic.

We're continuing to work the issue, and would be grateful if operators
would check for 40-byte spoofed TCP headed towards 198.133.219.25/32
and trace/block it as warranted.  Your patience and understanding are
greatly appreciated.

Thanks!

-------------------------------------------------------------
Roland Dobbins <rdobbins () cisco com> // 408.527.6376 voice
_______________________________________________

*******
This message (including any attachments) contains confidential information
provided by InfraGard Atlanta, and is intended for a specific InfraGard
addressee.  This message is being distributed for informational purposes
only.  InfraGard assumes no responsibility and no liability for the content
of the message or liability for any attachments sent.  If you are not the
intended recipient, you should delete this message immediately, and are
hereby notified that any disclosure, copying, or distribution of this
message, or the taking of any action based on it, is strictly prohibited.
If you do not agree to these terms and conditions, you are required to
notify InfraGard Atlanta immediately by email that you do not accept the
InfraGard terms and conditions.  InfraGard reserves the right to remove you
from its recipient list or take whatever steps it believes necessary or
appropriate to protect its legal rights.
InfraGard is an information sharing and analysis effort serving the
interests and combining the knowledge base of a wide range of members.
InfraGard is a cooperative undertaking between the U.S. Government (led by
the FBI and the NIPC) and an association of businesses, academic
institutions, state and local law enforcement agencies, and other
participants dedicated to increasing the security of United States' critical
infrastructures.


********
If you no longer wish to receive InfraGard Atlanta member emails, send a
request via email to Jerry Becknell, InfraGard Atlanta Coordinator at
gbecknell () fbi gov




---------------------------------------------------------------------------
----------------------------------------------------------------------------