My First Denial of Service Attack..... (fwd)

Avi Freedman freedman at netaxs.com
Mon Oct 7 00:05:58 UTC 1996


There are other analyses that can be performed if you have a tcpdump
(NOT etherfind) output log of the headers from an attack.

It's well worth a few tens of megabytes...

CERT and some of the people working on the SYN attacks can help if
you have such traces.

Avi

> Date: Sun, 6 Oct 1996 11:40:25 -0400
> From: Dave Van Allen <dave at fast.net>
> Reply-To: inet-access at earth.com
> To: "'inet-access at earth.com'" <inet-access at earth.com>
> Subject: RE: My First Denial of Service Attack.....
> Resent-Date: Sun, 6 Oct 1996 09:38:04 -0600 (MDT)
> Resent-From: inet-access at earth.com
> 
> FYI, (if it has already been mentioned, please excuse the double post,
> but:)
> 
> The latest version of the SYN attack code published in Phrack (last
> week's edition, NOT last month's) has an imbedded 'ping' every several
> hundred SYN packets.
> 
> If you get attacked, run snoop, tcpdump or anything that captures
> packets, and look for the pings - they have the real source address of
> the sender of the SYN flood attack.
> 
> Please note, obviously the code can be modified to NOT ping, but our
> attacker last night did not do that, and we had the name of the user,
> their ISP, and other info in less than 15 minutes.
> 
> Best regards,
> -
> Dave Van Allen - You Tools Corporation/FASTNET(tm) 
> dave at fast.net  (610)954-5910 http://www.fast.net 
> FASTNET - PA/NJ/DE Business Internet Solutions 
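
The capture check described in the quoted message, sketched as an added example that is not part of the original thread: it scans tcpdump text output for ICMP echo requests sent to the victim while bare SYNs are arriving. It assumes the text format of current `tcpdump -n`; the function name, the sample lines and all addresses are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in `tcpdump -n` text format (documentation address ranges).
SAMPLE = """\
00:01:10.000100 IP 10.13.7.2.1025 > 192.0.2.10.80: Flags [S], seq 100, win 512, length 0
00:01:10.000200 IP 172.16.9.44.1026 > 192.0.2.10.80: Flags [S], seq 101, win 512, length 0
00:01:10.000300 IP 198.51.100.7 > 192.0.2.10: ICMP echo request, id 7, seq 0, length 64
00:01:10.000400 IP 10.200.3.9.1027 > 192.0.2.10.80: Flags [S], seq 102, win 512, length 0
00:01:10.000500 IP 192.0.2.10.80 > 203.0.113.5.40000: Flags [S.], seq 9, ack 1, win 512, length 0
00:01:10.000600 IP 203.0.113.9 > 192.0.2.77: ICMP echo request, id 1, seq 0, length 64
00:01:10.000700 IP 10.77.1.1.1028 > 192.0.2.10.80: Flags [S], seq 103, win 512, length 0
00:01:12.000000 IP 198.51.100.7 > 192.0.2.10: ICMP echo request, id 7, seq 1, length 64
"""

# Bare SYN (no ACK): "<time> IP <src>.<port> > <dst>.<port>: Flags [S],"
SYN = re.compile(r"^(\S+) IP (\S+)\.\d+ > (\S+)\.\d+: Flags \[S\],")
# ICMP echo request: "<time> IP <src> > <dst>: ICMP echo request,"
PING = re.compile(r"^(\S+) IP (\S+) > (\S+): ICMP echo request,")


def ping_sources_during_flood(text, victim):
    """Return (syn_count, distinct_syn_sources, Counter of echo-request sources)."""
    syn_times, syn_srcs, pings = [], set(), []
    for line in text.splitlines():
        m = SYN.match(line)
        if m and m.group(3) == victim:
            syn_times.append(m.group(1))
            syn_srcs.add(m.group(2))
            continue
        m = PING.match(line)
        if m and m.group(3) == victim:
            pings.append((m.group(1), m.group(2)))
    if not syn_times:
        return 0, 0, Counter()
    # Keep only pings inside the SYN window. HH:MM:SS.ffffff strings sort
    # correctly as text as long as the capture does not cross midnight.
    start, end = min(syn_times), max(syn_times)
    hits = Counter(src for ts, src in pings if start <= ts <= end)
    return len(syn_times), len(syn_srcs), hits


if __name__ == "__main__":
    syns, sources, hits = ping_sources_during_flood(SAMPLE, "192.0.2.10")
    print(f"{syns} SYNs from {sources} source addresses; echo requests from: {dict(hits)}")
```

An address reported here is a lead to corroborate with the upstream provider; a capture with no interleaved echo requests simply yields an empty result.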





More information about the NANOG mailing list