|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Denial of service attacks apparently from UUNET Netblocks
On Tue, 7 Oct 1997, Karl Denninger wrote: > No. This was a transmission of 1K packets and was not in the style of any > previously-seen attack that I'm aware of. Its a new thing. > > There was no attempt to SYN flood, or hit broadcast addresses, or use > source-routing. All of that is protected against fairly well here. This > was a simple "the machines are on a 10Mbps pipe, so hit them with 30Mbps of > traffic and flood their NIC ports to the point that they're useless". That's exactly what we saw here as well, except we did see some broadcast traffic. They hit us with so much traffic that our 10Mbps link was useless. The offending sites I got were 192.195.100.1, 128.132.45.105, 167.152.96.78, but according to the customer they believe those to be forged. I'm almost certain that at least some of these sites had to be used, as the source routed traffic should have been stopped at the router. This did stop the traffic from coming through, but it didn't stop it from killing the link once it got here. Joe Shaw - [email protected] NetAdmin - Insync Internet Services
|