nanog mailing list archives

Previous By Date Next
Previous By Thread Next

[candidhosting.com #25891] AutoReply: RE: Identifying DoS-attacked IP address(es) (fwd)

From: "Christopher L. Morrow" <chris () UU NET>
Date: Mon, 16 Dec 2002 21:27:59 +0000 (GMT)


who signed up a ticketing system to nanog??



--Chris
(chris () uu net)

---------- Forwarded message ----------
Date: Mon, 16 Dec 2002 16:22:09 -0500 (EST)
From: Candid Hosting Support <support () candidhosting com>
To: chris () UU NET
Subject: [candidhosting.com #25891] AutoReply: RE: Identifying DoS-attacked
    IP address(es)

Greetings,
This message has been automatically generated in response to your trouble ticket request regarding: "RE: Identifying 
DoS-attacked IP address(es)", a summary of which appears at the bottom of this e-mail.

Your ticket has been assigned an ID of [candidhosting.com #25891].  Our support personnel will contact you shortly in 
regards to this matter.

If your request is concerning a dedicated server, please make sure that you have provided the following required 
information:
  - At least one domain name or IP address used on the server
  - Login and/or root passwords as required by the specific issue
  - Remote access, such as a pcAnywhere or VNC password, for Windows systems

For future correspondence concerning this issue, please reply to this e-mail or include the string "[candidhosting.com 
#25891]" in the subject line of new messages.

Regards,
Candid Hosting Technical Support Team
 - support () candidhosting com
 - ICQ #141214819
 - 1-877-248-9888, Option #2

-------------------------------------------------------------------------


On Mon, 16 Dec 2002, Livio Ricciulli wrote:


FYI, we developed a system that sniffs FE,GE,DS3,OC3-48 POS and creates
a model using the cross-product of:
1) source/destination address distributions
2) packet rate
3) protocol


But I can't field deploy this 2 continents away at 4am with 10 mins
notice...



This works very well to detect floods and does not require messing with
routers..

Livio.

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
Neil J. McRae
Sent: Monday, December 16, 2002 9:38 AM
To: Andre Chapuis
Cc: Christopher L. Morrow; nanog () nanog org
Subject: Re: Identifying DoS-attacked IP address(es)


Sampled netflow, or look at the traceback stuff in later
IOS 12.0S versions.  Avoid filter lists as the GSR engine cards
have a statically limited number of entries.

Regards,
Neil.




(NH)
Previous By Date Next
Previous By Thread Next

Current thread: