RE: DOS Attack?

From: Andrew Shore (andrew.shore_at_holistecs.com)
Date: 11/29/04

    Date: Mon, 29 Nov 2004 13:53:01 -0000
    To: "Shawn Wall" <sjwall@shaw.ca>, <security-basics@securityfocus.com>
    
    

    Shawn

    Have you considered the possibility it's the internal host connecting to
    the external server?

    A Trojan (et al)?

    Try SHOW IP INSPECT SESSION

    See how the connections are being made.

    (Be careful posting such dumps as they can give a lot away!)

    Andy

    -----Original Message-----
    From: Shawn Wall [mailto:sjwall@shaw.ca]
    Sent: 25 November 2004 02:23
    To: security-basics@securityfocus.com
    Subject: DOS Attack?

    Hi List,

    I'm currently experiencing network outages due to what appears to be DOS
    attacks. I'm running a wireless ISP using a Cisco 2611 and CBAC and I
    have a /24 public address range. During the outage I can see traffic
    from a single external host sending thousands of packets to a single
    internal host. I don't have port 80 inbound open in my ACLs so I don't
    understand how the external host is even able to contact the internal
    host to begin with. Secondly, how is it possible for an attack on 1
    internal host to cripple the rest of my network? Any feedback would be
    welcome. Thanks.

    shawn
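
Added example, not part of either message: a small Python script that reads saved CBAC session output and reports which side opened each session, the check the reply suggests making. The sample lines are constructed and modelled on the session-line layout IOS prints; `INTERNAL_NET` is a documentation range standing in for the /24, and the script assumes the endpoint to the left of `=>` is the initiator.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the ISP's public /24 (a documentation range stands in for it).
INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")

# Constructed sample, modelled on the session lines IOS prints for CBAC.
SAMPLE_OUTPUT = """\
Established Sessions
 Session 82A4F1C0 (203.0.113.45:1187)=>(198.51.100.9:80) http SIS_OPEN
 Session 82A4F3E8 (203.0.113.45:1188)=>(198.51.100.9:80) http SIS_OPEN
 Session 82A4F610 (203.0.113.45:1189)=>(198.51.100.9:80) http SIS_OPEN
 Session 82A50238 (203.0.113.77:3302)=>(192.0.2.25:25) smtp SIS_OPEN
Half-open Sessions
 Session 82A50460 (203.0.113.45:1190)=>(198.51.100.9:80) http SIS_OPENING
"""

SESSION_RE = re.compile(
    r"Session\s+\S+\s+\((?P<src>[\d.]+):(?P<sport>\d+)\)=>"
    r"\((?P<dst>[\d.]+):(?P<dport>\d+)\)\s+(?P<proto>\S+)\s+(?P<state>\S+)"
)

def parse_sessions(text):
    """Return one dict per session line; the left-hand endpoint is the initiator."""
    return [m.groupdict() for m in SESSION_RE.finditer(text)]

def direction(session):
    """Classify a session by which side of the router opened it."""
    src_in = ipaddress.ip_address(session["src"]) in INTERNAL_NET
    dst_in = ipaddress.ip_address(session["dst"]) in INTERNAL_NET
    if src_in and not dst_in:
        return "outbound"   # internal host connected out; replies are let back in
    if dst_in and not src_in:
        return "inbound"    # external host connected in through a permit entry
    return "other"

def summarize(text):
    """Count sessions per (direction, initiator, responder, port), busiest first."""
    counts = Counter(
        (direction(s), s["src"], s["dst"], int(s["dport"]))
        for s in parse_sessions(text)
    )
    return counts.most_common()

if __name__ == "__main__":
    for (way, src, dst, dport), n in summarize(SAMPLE_OUTPUT):
        print(f"{n:4d} {way:8s} {src} -> {dst}:{dport}")
```

A pair that dominates the count as "outbound" means the internal host is opening the connections, so the traffic coming back from the external host is return traffic that the inspection engine permits without any inbound port 80 entry in the ACL.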
     

