Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: DoS Attacks, Detecting the Source, and Service Providers

From: "Rob Shein" <shoten () starpower net>
Date: Tue, 4 Feb 2003 13:56:13 -0500
It is not a requirement, unless for some reason it's in their terms of
service.  That said, I've never seen a ToS from an ISP that involved
backtracing a DoS.  Detecting the source, in the event that it involves
spoofed packets (as they almost always do), requires backtracing.  If the
DoS is traffic-intensive, it may be coming from more than one source as
well, and there is no reliable way to determine this without backtracing
either.


-----Original Message-----
From: Hamid [mailto:hamidmails () panaisp net] 
Sent: Monday, February 03, 2003 4:40 PM
To: incidents () securityfocus com
Subject: DoS Attacks, Detecting the Source, and Service Providers


Hi everybody,

Maybe a newbie question, but I was wondering if back-tracing 
packets to its source is a service provider requirement? I 
mean if one of my hosts is being attacked, for example a 
simple ICMP DoS attack, what could I do if the service 
provider doesn't cooperate? I was wondering if there are 
certain procedures to detect the source of attacks?

Thanks in advance,
Hamid



--------------------------------------------------------------
--------------
This list is provided by the SecurityFocus ARIS analyzer 
service. For more information on this free incident handling, 
management 
and tracking system please see: http://aris.securityfocus.com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: