Re: DoS "Probing" on one of our hosts

From: Christopher Kunz (chrislist_at_de-punkt.de)
Date: 06/30/03

  • Next message: Chris Calvert: "Re: DoS "Probing" on one of our hosts" 
    Date: Mon, 30 Jun 2003 09:37:09 +0200
To: incidents@securityfocus.com

    Harlan Carvey wrote:
    > I'm very interested to see what information you can
    > provide on this event, to show that it was, in fact, a
    > DoS attack.

    Uhm, I'm quite positive that 97.8 mBit coming in through our uplink are
    a pretty good indicator for an attack.

    And by "probing" I meant that maybe the attacker only tried to determine
    our maximum bandwidth for a larger-scale attack, since the DoSes stopped
    fairly soon without any outer influence.

    --ck 

    -- 
php development | hosting |  housing | professional game server hosting
http://www.de-punkt.de   [ chris@de-punkt.de ]    http://www.stormix.de
+49 511 1237504 | +49 511 1237505 | laportestr. 2a, 30449 hannover.de
Filoo auf dem Linuxtag 2003 (F15) - http://www.de-punkt.de/lt2003.php
----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
----------------------------------------------------------------------------
  • Next message: Chris Calvert: "Re: DoS "Probing" on one of our hosts"

    Relevant Pages

    • RE: DoS "Probing" on one of our hosts
      ... had students here do the file sharing thing .. ... a pretty good indicator for an attack. ... world's premier technical IT security event! ... Early-bird registration ends July 3. ...
      (Incidents)
    • RE: [Fwd: RE: Intrusion prevention and dDos protection]
      ... attack and maintain some functionality. ... > that all DDoS attacks are successful in filling the entirety ... worldÂ's premier> technical IT security event. ... > Symanetc is the Diamond sponsor. ...
      (Focus-IDS)
    • RE: Views and Correlation in Intrusion Detection
      ... >>server if my IMAP server isn't vulnerable to that attack. ... and the passive ones don't really tell you much about vulnerability ... world's premier technical IT security event! ...
      (Focus-IDS)