Network Security: Detailed info on Re: DoS attack... what to do?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Re: DoS attack... what to do?

from [Bernie Cosell] Network Security

[Permanent Link]

Subject:	Re: DoS attack... what to do?
Date:	Tue, 04 Jan 2005 18:04:03 -0500

On 4 Jan 2005 at 16:44, Mark C wrote:

1) Netsky's 5556 is TCP, so I'd fire up netcat or something and see if 
actual 3-way handshakes happen.  If yes, then it's much less likely that 
it's someone out in the world spoof SYNflooding you.  If no, then I'd 
treat this as a SYNflood and trace backwards through the ISP, you'll 
probably find it's coming from far fewer sources than you think.


How do you do this?  If the packets coming in have forged source-IP 
addresses, how do you trace them backwards?

  /Bernie\

-- 
Bernie Cosell                     Fantasy Farm Fibers
mailto:bernie@fantasyfarm.com     Pearisburg, VA
    -->  Too many people, too few sheep  <--

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
DoS attack... what to do?, Nigel Kukard Re: DoS attack... what to do?, falcon Re: DoS attack... what to do?, Faisal Khan Re: DoS attack... what to do?, Mark C Re: DoS attack... what to do?, Bernie Cosell <= Re: DoS attack... what to do?, Jose Nazario RE: DoS attack... what to do?, Shaffer, Bruce Re: DoS attack... what to do?, Steve Friedl RE: DoS attack... what to do?, Craig Skelton Re: DoS attack... what to do?, Alvin Oga Re: DoS attack... what to do?, Valdis . Kletnieks Re: DoS attack... what to do?, Paul Laudanski Re: DoS attack... what to do?, easternerd RE: DoS attack... what to do?, Drumm, Daniel Re: DoS attack... what to do?, Fergie (Paul Ferguson)

Previous by Date:	Re: DoS attack... what to do?, Steve Friedl
Next by Date:	RE: DoS attack... what to do?, Drumm, Daniel
Previous by Thread:	Re: DoS attack... what to do?, Mark C
Next by Thread:	Re: DoS attack... what to do?, Jose Nazario
Indexes:	[Date] [Thread] [Top] [All Lists]