RE: DOS Attack?

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 11/29/04

    To: "'Shawn Wall'" <sjwall@shaw.ca>, <security-basics@securityfocus.com>
    Date: Mon, 29 Nov 2004 09:28:13 -0800
    
    

    1. If you have "established" in your ACL, it will allow in any TCP
    packet that doesn't just have the SYN flag set. I've seen nasty
    traffic send only RST packets to get the traffic past an ACL...

    2. DoS attacks often rely on resource starvation, and the easiest
    resource to consume is bandwidth. If I were to send you more traffic
    than your pipe could carry, packets would have to be lost -- even if
    you were dropping all of my traffic when it reached your ACL. And
    if packets are being dropped at the upstream end of your pipe, there
    can be good odds that legitimate connections originating from your
    network never receive their answers....

    David Gillett

    > -----Original Message-----
    > From: Shawn Wall [mailto:sjwall@shaw.ca]
    > Sent: Wednesday, November 24, 2004 6:23 PM
    > To: security-basics@securityfocus.com
    > Subject: DOS Attack?
    >
    >
    > Hi List,
    >
    > I'm currently experiencing network outages due to what appears to be DOS
    > attacks. I'm running a wireless ISP using a Cisco 2611 and CBAC and I have a
    > /24 public address range. During the outage I can see traffic from a single
    > external host sending thousands of packets to a single internal host. I
    > don't have port 80 inbound open in my ACLs so I don't understand how the
    > external host is even able to contact the internal host to begin with.
    > Secondly, how is it possible for an attack on 1 internal host to cripple the
    > rest of my network? Any feedback would be welcome. Thanks.
    >
    > shawn
    >
    >
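
Point 1 of the reply above, as an added example that is not part of the original message: a Python model of the flag-only test that Cisco IOS documents for the `established` keyword (ACK or RST bit set), run beside a simplified connection-tracking check on the same inbound segments. The addresses, ports, sample segments and the `StatefulFilter` class are constructed for illustration and do not reproduce CBAC's implementation.

```python
from collections import namedtuple

# TCP header flag bits
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

Segment = namedtuple("Segment", "src sport dst dport flags")


def acl_established(seg):
    """Stateless test: looks at header flags only, with no memory of
    earlier packets. Matches when ACK or RST is set."""
    return bool(seg.flags & (ACK | RST))


class StatefulFilter:
    """Simplified connection tracking (hypothetical model, not CBAC itself):
    an inbound segment passes only as a reply to a flow opened from inside."""

    def __init__(self):
        self.flows = set()

    def outbound(self, seg):
        # Record a flow when an inside host sends the initial SYN.
        if seg.flags & SYN and not seg.flags & ACK:
            self.flows.add((seg.src, seg.sport, seg.dst, seg.dport))

    def inbound_allowed(self, seg):
        # The reversed 4-tuple must match a recorded outbound flow.
        return (seg.dst, seg.dport, seg.src, seg.sport) in self.flows


# Constructed inbound samples (RFC 5737 documentation addresses).
SAMPLES = {
    "syn_ack_reply": Segment("198.51.100.5", 80, "192.0.2.10", 40000, SYN | ACK),
    "unsolicited_syn": Segment("203.0.113.9", 5555, "192.0.2.20", 80, SYN),
    "unsolicited_rst": Segment("203.0.113.9", 5555, "192.0.2.20", 80, RST),
    "unsolicited_ack": Segment("203.0.113.9", 5555, "192.0.2.20", 80, ACK),
}


def evaluate(samples):
    """Return {label: (stateless_verdict, stateful_verdict)}."""
    fw = StatefulFilter()
    # One inside host has opened a connection to an outside web server.
    fw.outbound(Segment("192.0.2.10", 40000, "198.51.100.5", 80, SYN))
    return {k: (acl_established(s), fw.inbound_allowed(s)) for k, s in samples.items()}


if __name__ == "__main__":
    for label, (stateless, stateful) in evaluate(SAMPLES).items():
        print(f"{label:16} established-ACL={stateless!s:5} stateful={stateful}")
```

The two rows where the verdicts differ are the unsolicited RST and ACK segments: the flag test passes them, the flow lookup does not.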

