Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

DoS/DDoS on port 1863(MSN protocol)

From: Diego Sebastián González <dgonzalez () telespazio com ar>
Date: Thu, 23 Sep 2004 13:01:05 -0300
Hi all,
 I work in an Satellite ISP(teleport) and we are experimenting a Dos/DDoS
Attack in our routers on port 1863.
Too much SYNs are being sent from a lot of our Public IP Customers to 1863
port to MSN Servers.
10.000 connections per seconds are generated in our TCP accelerators
systems, and overflows this system and borders routers.
We can identify the customers, but are too much. We cannot drop this port
because MSN application uses and we cannot apply policies to our firewalls
because the MSN Servers response to SYNs generated from our customers.
We have Allot systems that perform filters by IP header, but really, we need
to filter by application layer.

Anybody has an idea to solve this problem?

Tks in advance.

Diego S. González
Operations Team
Telespazio
Visit us @ http://www.finmeccanica.it
Visit us @ http://www.telespazio.it
Previous By Date Next
Previous By Thread Next

Current thread: