nanog mailing list archives
Re: router syn/syn-ack/ack alarming...
From: "Justin W. Newton" <justin () erols com>
Date: Wed, 18 Sep 1996 13:34:26 -0400
At 09:50 AM 9/18/96 -0700, Michael Dillon wrote:
On Wed, 18 Sep 1996, Guy T Almes wrote:the source host. Syn/synack/ack ratio detection is complementary, since it could help detect an attack near the destination host.It could also help detect an attack near the source host which would help *GREATLY* in tracing the perpetrator of the attacks. This ratio detection doesn't need to shutdown anything, just syslog the fact so that admins have something in their logs like SYN/ACK RATIO 33:1 POSSIBLE HACKER ATTACK which will make them sit up and take notice.
Ubfortunately the number of people who actually monitor their routers that closely is probably limited to the members of this list. We're much more likely to get people to filter their networks than to actively monitor anything. I am speaking from the background at having worked at a small ISP where if I wasn't there noone monitored anything basically until it started smoking. Justin Newton Internet Architect Erol's Internet Services - - - - - - - - - - - - - - - - -
Current thread:
- router syn/syn-ack/ack alarming... Regis Donovan (Sep 17)
- Re: router syn/syn-ack/ack alarming... Alex.Bligh (Sep 17)
- Re: router syn/syn-ack/ack alarming... Mr. Jeremy Hall (Sep 17)
- Re: router syn/syn-ack/ack alarming... Perry E. Metzger (Sep 17)
- Re: router syn/syn-ack/ack alarming... Jeff Young (Sep 17)
- <Possible follow-ups>
- Re: router syn/syn-ack/ack alarming... Vadim Antonov (Sep 17)
- Re: router syn/syn-ack/ack alarming... Paul Ferguson (Sep 18)
- Re: router syn/syn-ack/ack alarming... Guy T Almes (Sep 18)
- Re: router syn/syn-ack/ack alarming... Michael Dillon (Sep 18)
- Re: router syn/syn-ack/ack alarming... Guy T Almes (Sep 18)
- Re: router syn/syn-ack/ack alarming... Justin W. Newton (Sep 18)
- Re: router syn/syn-ack/ack alarming... Vern Paxson (Sep 18)
- Re: router syn/syn-ack/ack alarming... Michael Dillon (Sep 18)
- Re: router syn/syn-ack/ack alarming... Larry J. Plato (Sep 18)
- Re: router syn/syn-ack/ack alarming... George Herbert (Sep 18)
- Re: router syn/syn-ack/ack alarming... Mark A. Fullmer (Sep 18)
- Re: router syn/syn-ack/ack alarming... Michael Dillon (Sep 18)
- Re: router syn/syn-ack/ack alarming... Michael Dillon (Sep 18)
- Re: router syn/syn-ack/ack alarming... Michael Dillon (Sep 18)
- Re: router syn/syn-ack/ack alarming... Curtis Villamizar (Sep 18)