nanog mailing list archives
Re: DDos syn attack
From: Avleen Vig <lists-nanog () silverwraith com>
Date: Wed, 1 Jan 2003 19:30:00 -0800 (PST)
On Mon, 30 Dec 2002, Chris Wedgwood wrote:
maybe this could help find the attacking nwtwork? assuming people are using local DNS servers? under attack you could sporadically 'lie' about the result... and log to whom you lied to... all the time looking for changes in the DDoS target a fair amount work perhaps...
This would be nice. Sort of like using different email addresses for each site you hand them to and watching to see where the spam comes in from :-) Tracing back an IP from bind logs to see which name servers looked up an attacked address immediately before the attack started. This at leads to the offender's ISP which is a good start.
Current thread:
- Re: DDos syn attack Avleen Vig (Jan 01)
- Re: DDos syn attack E.B. Dreger (Jan 01)
- Re: DDos syn attack Sean Donelan (Jan 01)