nanog mailing list archives
Re: router syn/syn-ack/ack alarming...
From: Michael Dillon <michael () memra com>
Date: Wed, 18 Sep 1996 09:50:08 -0700 (PDT)
On Wed, 18 Sep 1996, Guy T Almes wrote:
the source host. Syn/synack/ack ratio detection is complementary, since it could help detect an attack near the destination host.
It could also help detect an attack near the source host which would help *GREATLY* in tracing the perpetrator of the attacks. This ratio detection doesn't need to shutdown anything, just syslog the fact so that admins have something in their logs like SYN/ACK RATIO 33:1 POSSIBLE HACKER ATTACK which will make them sit up and take notice. Michael Dillon - ISP & Internet Consulting Memra Software Inc. - Fax: +1-604-546-3049 http://www.memra.com - E-mail: michael () memra com - - - - - - - - - - - - - - - - -
Current thread:
- router syn/syn-ack/ack alarming... Regis Donovan (Sep 17)
- Re: router syn/syn-ack/ack alarming... Alex.Bligh (Sep 17)
- Re: router syn/syn-ack/ack alarming... Mr. Jeremy Hall (Sep 17)
- Re: router syn/syn-ack/ack alarming... Perry E. Metzger (Sep 17)
- Re: router syn/syn-ack/ack alarming... Jeff Young (Sep 17)
- <Possible follow-ups>
- Re: router syn/syn-ack/ack alarming... Vadim Antonov (Sep 17)
- Re: router syn/syn-ack/ack alarming... Paul Ferguson (Sep 18)
- Re: router syn/syn-ack/ack alarming... Guy T Almes (Sep 18)
- Re: router syn/syn-ack/ack alarming... Michael Dillon (Sep 18)
- Re: router syn/syn-ack/ack alarming... Guy T Almes (Sep 18)
- Re: router syn/syn-ack/ack alarming... Justin W. Newton (Sep 18)
- Re: router syn/syn-ack/ack alarming... Vern Paxson (Sep 18)
- Re: router syn/syn-ack/ack alarming... Michael Dillon (Sep 18)
- Re: router syn/syn-ack/ack alarming... Larry J. Plato (Sep 18)
- Re: router syn/syn-ack/ack alarming... George Herbert (Sep 18)
- Re: router syn/syn-ack/ack alarming... Mark A. Fullmer (Sep 18)
- Re: router syn/syn-ack/ack alarming... Michael Dillon (Sep 18)
- Re: router syn/syn-ack/ack alarming... Michael Dillon (Sep 18)