Re: How to get rid of spoofed IP-Address responses
From: Muhammad Faisal Rauf Danka (mfrd@attitudex.com)
Date: 05/27/02
- Previous message: Richard R. Kaufman: "securing nic's for snort"
- Maybe in reply to: NetWatch: "How to get rid of spoofed IP-Address responses"
- Next in thread: weapon x: "Re: How to get rid of spoofed IP-Address responses"
Date: Mon, 27 May 2002 13:10:14 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <mfrd@attitudex.com>
To: focus-linux@securityfocus.com
Well, first of all, blocking all > 1024 port traffic won't be a good idea. And besides, the guy said himself that he was being a victim of SYN RESPONSE with source port 80.
It means somebody tried to reflect his DOS attack towards his webserver. What he needs to do is to filter out SYN+ACK (Response Packets) which have not been initialized by his webserver.
Regards,
---------
Muhammad Faisal Rauf Danka
Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
voice: 92-021-111-GEMNET
Vice President
Pakistan Computer Emergency Responce Team (PakCERT)
web: www.pakcert.org
Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk
voice: 92-21-4980523 92-21-4974781
"Great is the Art of beginning, but Greater is the Art of ending. "
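
Added example, not part of the original message: a minimal Python model of the stateful check the reply describes, accepting an inbound SYN+ACK only when the protected host recently sent the matching SYN, which is the decision a connection-tracking packet filter makes. The `Segment` record, the 30-second timeout, and the sample traffic are assumptions constructed for illustration.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10
HANDSHAKE_TIMEOUT = 30.0  # seconds a sent SYN stays pending (assumed value)

@dataclass(frozen=True)
class Segment:
    ts: float        # capture time in seconds
    outbound: bool   # True if sent by the protected host
    src: str
    sport: int
    dst: str
    dport: int
    flags: int       # TCP flag bits

class SynAckFilter:
    """Accept a SYN+ACK only if it answers a SYN this host sent recently."""

    def __init__(self, timeout=HANDSHAKE_TIMEOUT):
        self.timeout = timeout
        self.pending = {}  # (local ip, local port, remote ip, remote port) -> SYN time

    def check(self, seg):
        """Return 'ACCEPT' or 'DROP' for one segment, updating state."""
        is_syn = seg.flags & SYN and not seg.flags & ACK
        is_synack = seg.flags & SYN and seg.flags & ACK
        if seg.outbound:
            if is_syn:  # remember the handshake we started
                self.pending[(seg.src, seg.sport, seg.dst, seg.dport)] = seg.ts
            return "ACCEPT"
        if not is_synack:
            return "ACCEPT"  # other inbound traffic is out of scope here
        sent = self.pending.pop((seg.dst, seg.dport, seg.src, seg.sport), None)
        if sent is not None and seg.ts - sent <= self.timeout:
            return "ACCEPT"
        return "DROP"  # reflected reply: this host never sent the SYN

# Constructed sample traffic (documentation addresses, not from the thread).
SAMPLE = [
    Segment(0.0, True, "192.0.2.10", 40000, "198.51.100.5", 80, SYN),
    Segment(0.1, False, "198.51.100.5", 80, "192.0.2.10", 40000, SYN | ACK),
    Segment(0.2, False, "203.0.113.7", 80, "192.0.2.10", 51515, SYN | ACK),
    Segment(5.0, True, "192.0.2.10", 40001, "198.51.100.5", 80, SYN),
    Segment(60.0, False, "198.51.100.5", 80, "192.0.2.10", 40001, SYN | ACK),
]

def verdicts(segments):
    """Run a fresh filter over the segments and return one verdict each."""
    f = SynAckFilter()
    return [f.check(s) for s in segments]
```

The third sample segment is the case from the thread: a SYN+ACK from source port 80 for a connection the host never opened. The last one shows a reply arriving after the pending SYN has aged out.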