Security Incidents mailing list archives
RE: DoS/DDoS on port 1863(MSN protocol)
From: "easternerd" <easternerd () gmx net>
Date: Mon, 27 Sep 2004 01:50:16 +0530
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I suggest you first take Incident Response Step #1 - Cut off the attack. ask your isp to apply ingress rules. Remember now the packets doesnt seem to have a harmed you much, But what if the router just pops off, u sure dont want to DOS yourself. and take measures to notify the isps from where these attacks are erupting. Email Correspondence : easternerd () gmx net easternerd () eml cc Website : http://www.cryptography.tk <http://www.cryptography.tk> http://www.securityrisk.org <http://www.securityrisk.org> - -----Original Message----- From: Diego Sebastián González [mailto:dgonzalez () telespazio com ar] Sent: Thursday, September 23, 2004 9:31 PM To: incidents () securityfocus com Subject: DoS/DDoS on port 1863(MSN protocol) Hi all, I work in an Satellite ISP(teleport) and we are experimenting a Dos/DDoS Attack in our routers on port 1863. Too much SYNs are being sent from a lot of our Public IP Customers to 1863 port to MSN Servers. 10.000 connections per seconds are generated in our TCP accelerators systems, and overflows this system and borders routers. We can identify the customers, but are too much. We cannot drop this port because MSN application uses and we cannot apply policies to our firewalls because the MSN Servers response to SYNs generated from our customers. We have Allot systems that perform filters by IP header, but really, we need to filter by application layer. Anybody has an idea to solve this problem? Tks in advance. Diego S. González Operations Team Telespazio Visit us @ http://www.finmeccanica.it Visit us @ http://www.telespazio.it -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQEVAwUBQVckf+xhEq37a08BAQIbtQf6A/Wvo62OxAkd+YkuEipbzm/gBmRF0uur x/cRg25TwlfeITKJYHZ5SfnsKEJZ25ne9wKzDfAhJfjeySSZ6I4SSaUIVXqyOZfa DptY6H0nkhoTvZEtjtTC+gcdo1xIWQC0sBwVXWiwqk4gk7jsbQFiptBZOfRxNQT9 8njYNNAVNNUO427/SK9shNpncUKelnHDCpq04y40szsvU6FA5E8N3u9f7YhaEEnT tP9mp3rrcn8d1Rj2pTDcU9SAB5o7wSEOSi3P05JmxgOwNrFHaIY6evqKGAmVyPXx 6nivFXPaZv8kqzOC7+Ej+BETo0l0kv7erVkJeyKZ7CFTNS41mnmUpw== =LC0H -----END PGP SIGNATURE-----
Attachment:
PGPexch.rtf.pgp
Description:
Current thread:
- Yahoo Account hacking Freilich, Robert (Sep 20)
- Port 7000 (Apple File Share) DoS/DDoS underway David Gillett (Sep 21)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Christine Kronberg (Sep 22)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Daniel Hanson (Sep 22)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Christine Kronberg (Sep 23)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Christine Kronberg (Sep 22)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Chris Krough (Sep 22)
- Re: Port 7000 (Apple File Share) DoS/DDoS underway Chris Krough (Sep 22)
- DoS/DDoS on port 1863(MSN protocol) Diego Sebastián González (Sep 26)
- RE: DoS/DDoS on port 1863(MSN protocol) easternerd (Sep 27)
- Re: DoS/DDoS on port 1863(MSN protocol) Kevin Reardon (Sep 27)
- Re: DoS/DDoS on port 1863(MSN protocol) Tillman Hodgson (Sep 29)
- data payload in SYN (Re: DoS/DDoS on port 1863(MSN protocol)) Martin Mačok (Sep 29)
- Port 7000 (Apple File Share) DoS/DDoS underway David Gillett (Sep 21)
- Re: DoS/DDoS on port 1863(MSN protocol) terry white (Sep 27)
- Re: DoS/DDoS on port 1863(MSN protocol) Martin Mačok (Sep 28)