DoS "Probing" on one of our hosts
From: Christopher Kunz (chrislist_at_de-punkt.de)
Date: 06/29/03
- Previous message: Chris Ess: "Re: possible new irc worm"
- Next in thread: Chris Calvert: "Re: DoS "Probing" on one of our hosts"
- Reply: Chris Calvert: "Re: DoS "Probing" on one of our hosts"
- Reply: Edward Balas: "Re: DoS "Probing" on one of our hosts"
- Maybe reply: Keith T. Morgan: "RE: DoS "Probing" on one of our hosts"
- Maybe reply: King, Brian: "RE: DoS "Probing" on one of our hosts"
- Maybe reply: Cook, Christopher S.: "RE: DoS "Probing" on one of our hosts"
- Maybe reply: Stone, Alexander: "RE: DoS "Probing" on one of our hosts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 29 Jun 2003 22:41:50 +0200 To: incidents@securityfocus.com
Hey,
we have been encountering three short DoS attacks during the weekend -
each one around 1 hour in length and with about 100mbit worth of
bandwidth. So far, we've yet to determine even the most basic stuff,
since we don't seem to have any logging. I have two questions regarding
this:
1. isn't one hour a pretty short time for a DoS? I've seen attacks on
other nets lasting for hours, sometimes up to a day...
2. is there any tool to determine the source IPs of the attack (even if
they're spoofed, I'd like to see _anything_)? Snort sits on the attacked
host and happily reports SQL/Slammer and other trivial stuff, but goes
through one of the attacks without picking any signatures up.
Regards,
--ck
-- php development | hosting | housing | professional game server hosting http://www.de-punkt.de [ chris@de-punkt.de ] http://www.stormix.de +49 511 1237504 | +49 511 1237505 | laportestr. 2a, 30449 hannover.de Filoo auf dem Linuxtag 2003 (F15) - http://www.de-punkt.de/lt2003.php ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
- Previous message: Chris Ess: "Re: possible new irc worm"
- Next in thread: Chris Calvert: "Re: DoS "Probing" on one of our hosts"
- Reply: Chris Calvert: "Re: DoS "Probing" on one of our hosts"
- Reply: Edward Balas: "Re: DoS "Probing" on one of our hosts"
- Maybe reply: Keith T. Morgan: "RE: DoS "Probing" on one of our hosts"
- Maybe reply: King, Brian: "RE: DoS "Probing" on one of our hosts"
- Maybe reply: Cook, Christopher S.: "RE: DoS "Probing" on one of our hosts"
- Maybe reply: Stone, Alexander: "RE: DoS "Probing" on one of our hosts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
