nanog mailing list archives

Re: New Denial of Service Attack on Panix

From: Paul Ferguson <pferguso () cisco com>
Date: Wed, 18 Sep 1996 19:19:13 -0400

For what its worth, we are looking at this.

- paul


At 04:32 PM 9/17/96 -0700, Leonid Egoshin wrote:

From: "Forrest W. Christian" <forrestc () iMach com>

 5 minute SYNS: 123423   5 minute SYN-ACKS: 50000

Then, if the ratio got too high, it can start yelping about "Potential SYN 
D-O-S Atttack in progress on Interface Serial 1"


   I suggest to check not only ratio (assymetric routing !),
but high number of SYNs to single host.

                              - Leonid Yegoshin, LY22


--
Paul Ferguson                                           ||        ||
Consulting Engineering                                  ||        ||
Reston, Virginia   USA                                 ||||      ||||
tel: +1.703.716.9538                               ..:||||||:..:||||||:..
e-mail: pferguso () cisco com                         c i s c o S y s t e m s

- - - - - - - - - - - - - - - - -

Current thread:

Re: New Denial of Service Attack on Panix, (continued)
- Re: New Denial of Service Attack on Panix Paul Ferguson (Sep 18)
  - Re: New Denial of Service Attack on Panix Jeff Young (Sep 18)
- Re: New Denial of Service Attack on Panix Guy T Almes (Sep 18)
  - Re: New Denial of Service Attack on Panix Tim Bass (Sep 18)
- Re: New Denial of Service Attack on Panix Stan Barber (Sep 18)
- Re: New Denial of Service Attack on Panix Kent W. England (Sep 18)
  - Re: New Denial of Service Attack on Panix Dan Ellis (Sep 18)
  - Re: New Denial of Service Attack on Panix Tim Bass (Sep 21)
- Re: New Denial of Service Attack on Panix Paul Ferguson (Sep 18)
- Re: New Denial of Service Attack on Panix Leonid Egoshin (Sep 18)
- Re: New Denial of Service Attack on Panix Paul Ferguson (Sep 18)
- Re: New Denial of Service Attack on Panix Justin W. Newton (Sep 19)
  - Re: New Denial of Service Attack on Panix Barry Caplin (Sep 20)
- Re: New Denial of Service Attack on Panix Kent W. England (Sep 19)
- Re: New Denial of Service Attack on Panix Hans-Werner Braun (Sep 21)
  - Re: New Denial of Service Attack on Panix Tim Bass (Sep 21)
- Re: New Denial of Service Attack on Panix Hans-Werner Braun (Sep 21)
  - Re: New Denial of Service Attack on Panix Michael Dillon (Sep 21)
  - Re: New Denial of Service Attack on Panix Tim Bass (Sep 21)
  - Re: New Denial of Service Attack on Panix Peter Dawe (Sep 22)
    - Re: New Denial of Service Attack on Panix Brian Carpenter CERN-CN (Sep 22)

(Thread continues...)