RE: DoS
From: Andrew Hatfield (andrew@hatfields.com.au)
Date: 01/07/02
- Previous message: Seth Arnold: "Re: vlock with md5 password support"
- Maybe in reply to: Aleksey Domorad: "DoS"
- Next in thread: Thomas Smith: "Re: DoS"
Date: Tue, 8 Jan 2002 08:26:32 +1000
From: "Andrew Hatfield" <andrew@hatfields.com.au>
To: "Aleksey Domorad" <aleksey@lioha.com>, <focus-linux@lists.securityfocus.com>
> [**] DDOS shaft synflood [**]
> 01/07-08:21:35.632619 0:2:17:62:12:A5 -> 0:10:4B:C5:F:D
> type:0x800 len:0x3C
> 194.77.208.1:1580 -> XXX.XXX.XXX.XXX:111 TCP TTL:16 TOS:0x0 ID:58100
> IpLen:20 DgmLen:40
> ******S* Seq: 0x28374839 Ack: 0x2294E541 Win: 0xFFFF TcpLen: 20
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>
> I'd like to know if there is any kind of software that can besides detecting
> DoS attack also report via any tool to Administrator and/or ISP Abuse Email
You can use Demarc (http://www.demarc.org/), which is an excellent
interface to snort.

You could use syn flood protection via iptables and log it to
/var/log/synflood and have a cron job that checks the log file, parses
it, does funky stuff and then mails you results.

You could also look at logcheck from Psionic.
--
Andrew Hatfield
Head - Internet Security Division
Hatfield & Associates Pty. Ltd.
Phone : +61 7 3849 7155
Fax : +61 7 3849 6277
Email : info@hatfields.com.au
Web : http://www.hatfields.com.au/
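
The cron-job approach suggested in the reply above, as an added example that is not part of the original message: it parses iptables LOG entries, counts logged SYNs per source and destination port, and builds the mail for the administrator. The `SYNFLOOD: ` log prefix, the threshold, the mail addresses, the function names and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from email.message import EmailMessage

PREFIX = "SYNFLOOD: "  # assumed rule: iptables ... -j LOG --log-prefix "SYNFLOOD: "
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample of /var/log/synflood (kernel LOG format, documentation addresses).
SAMPLE_LOG = """\
Jan  7 08:21:35 gw kernel: SYNFLOOD: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=16 PROTO=TCP SPT=1580 DPT=111 SYN URGP=0
Jan  7 08:21:35 gw kernel: SYNFLOOD: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=16 PROTO=TCP SPT=1581 DPT=111 SYN URGP=0
Jan  7 08:21:36 gw kernel: SYNFLOOD: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=40 TTL=52 PROTO=TCP SPT=4022 DPT=80 SYN URGP=0
Jan  7 08:21:36 gw kernel: SYNFLOOD: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=16 PROTO=TCP SPT=1582 DPT=111 SYN URGP=0
Jan  7 08:21:37 gw kernel: SYNFLOOD: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 PROTO=TCP SPT=15
"""

def parse_line(line):
    """Return the key=value fields of a SYNFLOOD entry, or None for anything else."""
    _, found, rest = line.partition(PREFIX)
    fields = dict(FIELD.findall(rest)) if found else {}
    # Skip truncated or malformed entries instead of crashing the cron job.
    if not fields.get("SRC") or not fields.get("DPT", "").isdecimal():
        return None
    return fields

def summarize(log_text, threshold=3):
    """Count logged SYNs per (source, destination port), keeping counts >= threshold."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f:
            hits[(f["SRC"], int(f["DPT"]))] += 1
    return [(src, port, n) for (src, port), n in hits.most_common() if n >= threshold]

def build_report(rows, sender="root@localhost", rcpt="admin@example.org"):
    """Build the mail; the cron job would hand it to smtplib or /usr/sbin/sendmail."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"SYN flood report: {len(rows)} source(s) over threshold"
    body = [f"{src} -> port {port}: {n} logged SYNs" for src, port, n in rows]
    # Flood sources are often spoofed: report them as claimed addresses, not proof.
    body.append("Source addresses in SYN floods are frequently spoofed.")
    msg.set_content("\n".join(body))
    return msg

if __name__ == "__main__":
    print(build_report(summarize(SAMPLE_LOG)))
```

Because the last sample entry is truncated before `DPT=`, it is skipped rather than counted, so the report lists three SYNs from 192.0.2.10 to port 111.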