RE: DoS "Probing" on one of our hosts

From: King, Brian (BKing_at_langleyfcu.org)
Date: 06/30/03

  • Next message: Donald Voss: "RE: DoS "Probing" on one of our hosts"
    Date: Mon, 30 Jun 2003 11:21:22 -0400
    To: <chris@de-punkt.de>, <incidents@securityfocus.com>
    
    
    

    Chris,
    >Uhm, I'm quite positive that 97.8 mBit coming in through our uplink are
    >a pretty good indicator for an attack.
    Without any idea of what kind of traffic it was, I would not assume
    anything. For one thing, can you prove that the traffic was externally
    generated? Looking at how aggressively slammer scanned, I would not
    discount that the traffic could be generated by a worm within your
    network. Without knowing the destination of the "DOS" packets, you
    can't tell if it was a routing mess-up that sent a torrent of data to
    you.

    >And by "probing" I meant that maybe the attacker only tried to determine
    >our maximum bandwidth for a larger-scale attack, since the DoSes stopped
    >fairly soon without any outer influence.
    Then again, it could be someone on your internal network probing to see
    how much they can slow down Yahoo using your bandwidth.

    I just don't think we should rush to conclusions without knowing
    anything about the traffic.

    Brian

    
    


