Security Basics mailing list archives
Re: Incident Response
From: "Meritt James" <meritt_james () bah com>
Date: Wed, 11 Dec 2002 09:56:48 -0500
Concur. Two reasons, off-hand. 1. Neat way to DDoS site is the hit a few thousand sites with a spoofed return address. All thousand sites then go back to one box - which then dies. Works with superping nicely. 2. Infinite loop. Consider the old 'finger' situation. 'nuff said? Jim Byrne Ghavalas wrote:
Hi, I wouldn't recommend writing a script to 'automatically scan them back', for several reasons. The most obvious reason is that some scans are simply spoofed. If a script 'automatically scanned them back', it would be quite easy to get the script to scan innocent sites.
-- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566
Current thread:
- Incident Response netsec novice (Dec 05)
- <Possible follow-ups>
- Re: Incident Response netsec novice (Dec 06)
- Re: Incident Response H C (Dec 09)
- Re: Incident Response Chris Berry (Dec 10)
- Re: Incident Response Byrne Ghavalas (Dec 10)
- Re: Incident Response Meritt James (Dec 11)
- Re: Incident Response Byrne Ghavalas (Dec 10)