Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DOS Attack?

from [Mario Pascucci] Network Security [Permanent Link]
Subject: Re: DOS Attack?
Date: Thu, 25 Nov 2004 23:14:08 +0100 
Il gio, 2004-11-25 alle 03:22, Shawn Wall ha scritto:

Hi List,

I'm currently experiencing network outages due to what appears to be DOS
attacks. I'm running a wireless ISP using a Cisco 2611 and CBAC and I have a
/24 public address range. During the outage I can see traffic from a single
external host sending thousands of packets to a single internal host. I
don't have port 80 inbound open in my ACLs so I don't understand how the
external host is even able to contact the internal host to begin with.
Secondly, how is it possible for an attack on 1 internal host to cripple the
rest of my network? Any feedback would be welcome. Thanks.


Hi,
consider that most worms (like Gaobot or SDbot or almost all *bot worms)
uses connection from infected PC to attacker owned IRC server, to give
control even if the PC is behind a firewall. Through this connection,
the attacker can send "updates" to the viral code, or get data from the
infected PC.
If you can, check the kind of traffic and the TCP ports at the ends of
the connection. Try to use a sniffer, if you can, to detect the type of
connection and the direction of the traffic.
HTH
-- 
Mario "Reliant" Pascucci
http://ilpettegolo.altervista.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: which security hotfixs to implemet ?, Rino Mardo
Next by Date:  Re: deny access, Sean Earp
Previous by Thread:  Re: DOS Attack?, Suramya Tomar
Next by Thread:  Re: DOS Attack?, Juan Carlos Jimenez Jamett
Indexes:  [Date] [Thread] [Top] [All Lists]