Security Incidents mailing list archives
RE: DoS "Probing" on one of our hosts
From: "King, Brian" <BKing () langleyfcu org>
Date: Mon, 30 Jun 2003 11:21:22 -0400
Chris,
Uhm, I'm quite positive that 97.8 mBit coming in through our uplink are
a pretty good indicator for an attack.
without any idea of what kind of traffic it was, I would not assume anything. For one thing, can you prove that the traffic was externally generated? Looking at how aggressively slammer scanned, I would not discount that the traffic could be generated by a worm within your network. Without knowing the destination of the "DOS" packets, you can't tell if it was a routing messup that sent a torrent of data to you.
And by "probing" I meant that maybe the attacker only tried to
determine
our maximum bandwidth for a larger-scale attack, since the DoSes
stopped
fairly soon without any outer influence.
Then again, it could be someone on your internal network probing to see how much they can slow down Yahoo using your bandwidth. I just don't think we should rush to conclusions without knowing anything about the traffic. Brian
Attachment:
smime.p7s
Description:
Current thread:
- DoS "Probing" on one of our hosts Christopher Kunz (Jun 29)
- Re: DoS "Probing" on one of our hosts Chris Calvert (Jun 30)
- Re: DoS "Probing" on one of our hosts Christopher Kunz (Jun 30)
- Re: DoS "Probing" on one of our hosts Edward Balas (Jun 30)
- Re: DoS "Probing" on one of our hosts Christopher Kunz (Jun 30)
- <Possible follow-ups>
- re: DoS "Probing" on one of our hosts Harlan Carvey (Jun 30)
- Re: DoS "Probing" on one of our hosts Christopher Kunz (Jun 30)
- RE: DoS "Probing" on one of our hosts Donald Voss (Jun 30)
- Re: DoS "Probing" on one of our hosts Christopher Kunz (Jun 30)
- Re: DoS "Probing" on one of our hosts Christopher Kunz (Jun 30)
- Re: DoS "Probing" on one of our hosts Chris Calvert (Jun 30)
- RE: DoS "Probing" on one of our hosts Keith T. Morgan (Jun 30)
- RE: DoS "Probing" on one of our hosts King, Brian (Jun 30)
- Re: DoS "Probing" on one of our hosts Christopher Kunz (Jun 30)
- RE: DoS "Probing" on one of our hosts Cook, Christopher S. (Jun 30)
- RE: DoS "Probing" on one of our hosts Harlan Carvey (Jun 30)
- RE: DoS "Probing" on one of our hosts Stone, Alexander (Jun 30)