North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: My First Denial of Service Attack..... (fwd)
---------- Forwarded message ---------- Date: Sun, 6 Oct 1996 11:40:25 -0400 From: Dave Van Allen <[email protected]> Reply-To: [email protected] To: "'[email protected]'" <[email protected]> Subject: RE: My First Denial of Service Attack..... Resent-Date: Sun, 6 Oct 1996 09:38:04 -0600 (MDT) Resent-From: [email protected] FYI, (if it has already been mentioned, please excuse the double post, but:) The latest version of the SYN attack code published in Phrack (last weeks edition, NOT last months) has an imbedded 'ping' ever several hundred SYN packets. If you get attacked, run snoop, tcpdump or anything that captures packets, and look for the pings - they have the real source address of the sender of the SYN flood attack. Please note, obviously the code can be modified to NOT ping, but our attacker last night did not do that, and we had the name of the user, their ISP, and other info in less than 15 minutes. Best regards, - Dave Van Allen - You Tools Corporation/FASTNET(tm) [email protected] (610)954-5910 http://www.fast.net FASTNET - PA/NJ/DE Business Internet Solutions >---------- >From: Avi Freedman[SMTP:[email protected]] >Sent: Saturday, October 05, 1996 7:37 PM >To: [email protected] >Subject: Re: My First Denial of Service Attack..... > >> I have a question about this - >> >> Could place an incoming ping filter denying all on your router, AND turn >> off small servers on the router? Would this work? Is there a downside to >> this? >> >> -Elroy ( [email protected] ) > >Not to state the obvious, but if you turn off pings into your network >then noone can ping into your network (for diagnostics etc...) > >Turning off small-servers on the router only affects things to the >router (and not ICMP pings, just presumably udp pings). > >Avi > > >============================== ISP Mailing List >============================== >Email ``unsubscribe'' to [email protected] to be removed. >Email ``subscribe'' to [email protected] to join the list. > ============================== ISP Mailing List ============================== Email ``unsubscribe'' to [email protected] to be removed. Excellent day for putting Slinkies on an escalator. - - - - - - - - - - - - - - - - -
|