North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

[ #25891] AutoReply: RE: Identifying DoS-attackedIP address(es) (fwd)

  • From: Christopher L. Morrow
  • Date: Mon Dec 16 16:30:27 2002

who signed up a ticketing system to nanog??

([email protected])

---------- Forwarded message ----------
Date: Mon, 16 Dec 2002 16:22:09 -0500 (EST)
From: Candid Hosting Support <[email protected]>
To: [email protected]
Subject: [ #25891] AutoReply: RE: Identifying DoS-attacked
    IP address(es)

This message has been automatically generated in response to your trouble ticket request regarding: "RE: Identifying DoS-attacked IP address(es)", a summary of which appears at the bottom of this e-mail.

Your ticket has been assigned an ID of [ #25891].  Our support personnel will contact you shortly in regards to this matter.

If your request is concerning a dedicated server, please make sure that you have provided the following required information:
  - At least one domain name or IP address used on the server
  - Login and/or root passwords as required by the specific issue
  - Remote access, such as a pcAnywhere or VNC password, for Windows systems

For future correspondence concerning this issue, please reply to this e-mail or include the string "[ #25891]" in the subject line of new messages.

Candid Hosting Technical Support Team
 - [email protected]
 - ICQ #141214819
 - 1-877-248-9888, Option #2


On Mon, 16 Dec 2002, Livio Ricciulli wrote:

> FYI, we developed a system that sniffs FE,GE,DS3,OC3-48 POS and creates
> a model using the cross-product of:
> 1) source/destination address distributions
> 2) packet rate
> 3) protocol

But I can't field deploy this 2 continents away at 4am with 10 mins

> This works very well to detect floods and does not require messing with
> routers..
> Livio.
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of
> Neil J. McRae
> Sent: Monday, December 16, 2002 9:38 AM
> To: Andre Chapuis
> Cc: Christopher L. Morrow; [email protected]
> Subject: Re: Identifying DoS-attacked IP address(es)
> Sampled netflow, or look at the traceback stuff in later
> IOS 12.0S versions.  Avoid filter lists as the GSR engine cards
> have a statically limited number of entries.
> Regards,
> Neil.