DoS/DDoS on port 1863(MSN protocol)

From: Diego Sebastián González (dgonzalez_at_telespazio.com.ar)
Date: 09/23/04

  • Next message: easternerd: "RE: DoS/DDoS on port 1863(MSN protocol)"
    To: <incidents@securityfocus.com>
    Date: Thu, 23 Sep 2004 13:01:05 -0300
    
    

    Hi all,
     I work in an Satellite ISP(teleport) and we are experimenting a Dos/DDoS
    Attack in our routers on port 1863.
    Too much SYNs are being sent from a lot of our Public IP Customers to 1863
    port to MSN Servers.
    10.000 connections per seconds are generated in our TCP accelerators
    systems, and overflows this system and borders routers.
    We can identify the customers, but are too much. We cannot drop this port
    because MSN application uses and we cannot apply policies to our firewalls
    because the MSN Servers response to SYNs generated from our customers.
    We have Allot systems that perform filters by IP header, but really, we need
    to filter by application layer.

    Anybody has an idea to solve this problem?

    Tks in advance.

    Diego S. González
    Operations Team
    Telespazio
    Visit us @ http://www.finmeccanica.it
    Visit us @ http://www.telespazio.it


  • Next message: easternerd: "RE: DoS/DDoS on port 1863(MSN protocol)"

    Relevant Pages

    • Re: DoS/DDoS on port 1863(MSN protocol)
      ... > to 1863 port to MSN Servers. ... Are you able to count SYNs per IP per second or minute? ... I can't think of better general solution to this sort of problem ...
      (Incidents)
    • RE: DoS/DDoS on port 1863(MSN protocol)
      ... Is their any way of rate limiting these packets to port 1863 available in your router? ... I work in an Satellite ISPand we are experimenting a Dos/DDoS ... Attack in our routers on port 1863. ... because the MSN Servers response to SYNs generated from our customers. ...
      (Incidents)
    • Re: Network from home to office, etc.
      ... I have an 8 port router at the office ... This entails finding out if those routers have static or dynamic IPs. ... I suggest port 3389 for remote desktop to be your easiest solution. ... (Of course, that assumes Windows XP Professional, Windows 2000 Server ...
      (microsoft.public.windowsxp.work_remotely)
    • Re: Xbox initiates but loses connection
      ... The BEFW11S4 v2 WAP w/ 4 port switch is not a WAP. ... Incompatible Routers ...
      (microsoft.public.windows.mediacenter)
    • Re: [fw-wiz] Hacker pierces hardware firewalls with web page.
      ... I've seen several other posts where people make use of browser exploits to trick the browser into submitting a form to the router/firewall, and if the router has the default password, the attacker can then configure the firewall any way they want. ... With FTP the client connect to the server, then at the start of a file transfer the client tells the server what port to connect to on the client. ... virtually any service on their machine, even when it's behind certain routers that automatically block it to the outside world. ...
      (Firewall-Wizards)