nanog mailing list archives
Re: Identifying DoS sources quickly (was: Bogon list or Dshield.org type list)
From: Hank Nussbacher <hank () att net il>
Date: Tue, 30 Jul 2002 18:46:56 +0300 (IDT)
On Tue, 30 Jul 2002 michael.dillon () radianz com wrote:
That's the obvious solution to the problem if the problem is how to track down the source(s) of a DoS attack. However, in any DoS attack, there is always a victim and one or more devices sendingattack traffic to the victim. The owners of the attacking devices are accessories to the crime although I'm sure they could plead ignorance and avoid any liability. But what if they could not plead ignorance? What if we could identify some of theattacking devices, and what if the victim sent a legal "cease and desist" letter to the owners of the attacking devices? Now, the victim is in a position to sue the owners of these attacking devices if they don't fix the problem by securing their machines. And once this happens and gets some press coverage, a whole bunch of other machine owners will wake up and realize that they could be stuck with big legal bills if they don't secure their machines. So, to restate the problem, how do we identify some of the sources of a DoS attack quickly, maybe even while the attack is still in progress?
Not a complete solution but a start: IP Source Tracker: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s21/ipst.htm Available as of 12.0(22)S for 7500 and 12000 series Cisco routers. -Hank
Current thread:
- Identifying DoS sources quickly (was: Bogon list or Dshield.org type list) michael . dillon (Jul 30)
- Re: Identifying DoS sources quickly (was: Bogon list or Dshield.org type list) Hank Nussbacher (Jul 30)
- Re: Identifying DoS sources quickly (was: Bogon list or Dshield.org type list) Nipper, Arnold (Jul 30)
- Re: Identifying DoS sources quickly (was: Bogon list or Dshield.org type list) Randy Bush (Jul 30)
- Re: Identifying DoS sources quickly (was: Bogon list or Dshield.org type list) Rafi Sadowsky (Jul 30)
- Re: Identifying DoS sources quickly (was: Bogon list or Dshield.org type list) Randy Bush (Jul 31)
- Re: Identifying DoS sources quickly (was: Bogon list or Dshield.org type list) Jesper Skriver (Jul 31)
- Re: Identifying DoS sources quickly (was: Bogon list or Dshield.org type list) Nipper, Arnold (Jul 30)
- Re: Identifying DoS sources quickly (was: Bogon list or Dshield.org type list) Hank Nussbacher (Jul 30)