Network Security: Detailed info on Re: DoS attack... what to do?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Re: DoS attack... what to do?

from [Jose Nazario] Network Security

[Permanent Link]

Subject:	Re: DoS attack... what to do?
Date:	Tue, 4 Jan 2005 19:19:06 -0500 (EST)

On Tue, 4 Jan 2005, Bernie Cosell wrote:

How do you do this?  If the packets coming in have forged source-IP
addresses, how do you trace them backwards?


backtrace via the input and output intreface IDs from the devices the
traffic traverses. if you have well formed characteristic (ie SYN packets
destined to a particular dest and dport) you can trace it that way. follow
it back as far as you can go and, if it crosses operational boundaries,
get some cooperation (in the case of very large events).

cisco does this, arbor does this, etc ...

________
jose nazario, ph.d.                     jose@monkey.org
http://monkey.org/~jose/                http://infosecdaily.net/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
DoS attack... what to do?, Nigel Kukard Re: DoS attack... what to do?, falcon Re: DoS attack... what to do?, Faisal Khan Re: DoS attack... what to do?, Mark C Re: DoS attack... what to do?, Bernie Cosell Re: DoS attack... what to do?, Jose Nazario <= RE: DoS attack... what to do?, Shaffer, Bruce Re: DoS attack... what to do?, Steve Friedl RE: DoS attack... what to do?, Craig Skelton Re: DoS attack... what to do?, Alvin Oga Re: DoS attack... what to do?, Valdis . Kletnieks Re: DoS attack... what to do?, Paul Laudanski Re: DoS attack... what to do?, easternerd RE: DoS attack... what to do?, Drumm, Daniel Re: DoS attack... what to do?, Fergie (Paul Ferguson)

Previous by Date:	RE: DoS attack... what to do?, Drumm, Daniel
Next by Date:	RE: DoS attack... what to do?, Craig Skelton
Previous by Thread:	Re: DoS attack... what to do?, Bernie Cosell
Next by Thread:	RE: DoS attack... what to do?, Shaffer, Bruce
Indexes:	[Date] [Thread] [Top] [All Lists]