nanog mailing list archives
RE: My First Denial of Service Attack..... (fwd)
From: Michael Dillon <michael () memra com>
Date: Sun, 6 Oct 1996 16:22:55 -0700 (PDT)
---------- Forwarded message ---------- Date: Sun, 6 Oct 1996 11:40:25 -0400 From: Dave Van Allen <dave () fast net> Reply-To: inet-access () earth com To: "'inet-access () earth com'" <inet-access () earth com> Subject: RE: My First Denial of Service Attack..... Resent-Date: Sun, 6 Oct 1996 09:38:04 -0600 (MDT) Resent-From: inet-access () earth com FYI, (if it has already been mentioned, please excuse the double post, but:) The latest version of the SYN attack code published in Phrack (last weeks edition, NOT last months) has an imbedded 'ping' ever several hundred SYN packets. If you get attacked, run snoop, tcpdump or anything that captures packets, and look for the pings - they have the real source address of the sender of the SYN flood attack. Please note, obviously the code can be modified to NOT ping, but our attacker last night did not do that, and we had the name of the user, their ISP, and other info in less than 15 minutes. Best regards, - Dave Van Allen - You Tools Corporation/FASTNET(tm) dave () fast net (610)954-5910 http://www.fast.net FASTNET - PA/NJ/DE Business Internet Solutions
---------- From: Avi Freedman[SMTP:freedman () netaxs com] Sent: Saturday, October 05, 1996 7:37 PM To: inet-access () earth com Subject: Re: My First Denial of Service Attack.....I have a question about this - Could place an incoming ping filter denying all on your router, AND turn off small servers on the router? Would this work? Is there a downside to this? -Elroy ( elroy () mail kcstar com )Not to state the obvious, but if you turn off pings into your network then noone can ping into your network (for diagnostics etc...) Turning off small-servers on the router only affects things to the router (and not ICMP pings, just presumably udp pings). Avi ============================== ISP Mailing List ============================== Email ``unsubscribe'' to inet-access-request () earth com to be removed. Email ``subscribe'' to inet-access-request () earth com to join the list.
============================== ISP Mailing List ============================== Email ``unsubscribe'' to inet-access-request () earth com to be removed. Excellent day for putting Slinkies on an escalator. - - - - - - - - - - - - - - - - -
Current thread:
- RE: My First Denial of Service Attack..... (fwd) Michael Dillon (Oct 06)
- Re: My First Denial of Service Attack..... (fwd) Avi Freedman (Oct 06)
- <Possible follow-ups>
- RE: My First Denial of Service Attack..... (fwd) Tim Salo (Oct 06)
- Re: My First Denial of Service Attack..... (fwd) Avi Freedman (Oct 06)
- Re: My First Denial of Service Attack..... (fwd) Tersian (Oct 06)
- Re: My First Denial of Service Attack..... (fwd) Eric Ziegast (Oct 07)
- Re: My First Denial of Service Attack..... (fwd) Tersian (Oct 07)
- Re: My First Denial of Service Attack..... (fwd) Curtis Villamizar (Oct 08)
- Re: My First Denial of Service Attack..... (fwd) Tersian (Oct 08)
- Re: My First Denial of Service Attack..... (fwd) Avi Freedman (Oct 06)
- Re: My First Denial of Service Attack..... (fwd) Ed Morin (Oct 07)