[43777] in North American Network Operators' Group
Re: Fwd: Re: Digital Island sponsors DoS attempt?
daemon@ATHENA.MIT.EDU (Jonas Luster)
Fri Oct 26 03:10:23 2001
Date: Fri, 26 Oct 2001 00:06:09 -0700
From: Jonas Luster <jluster@d-fensive.com>
To: nanog@merit.edu
Message-ID: <20011026000609.A31048@netwarriors.org>
Mail-Followup-To: Jonas Luster <jluster@d-fensive.com>,
nanog@merit.edu
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="+HP7ph2BbKc20aGI"
Content-Disposition: inline
In-Reply-To: <20011025205447.F11022@buffoon.automagic.org>
Errors-To: owner-nanog-outgoing@merit.edu
--+HP7ph2BbKc20aGI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
* Joe Abley sez:
> On Thu, Oct 25, 2001 at 05:37:16PM -0700, Christopher J. Wolff wrote:
> > Unfortunately, in this case I am not a customer of Digital Island in any
> > way, nor have I given them authorization to hammer my network 441 times=
(and
> > counting) in the last two hours.
>=20
> 441 echo requests in two hours?
>=20
> That doesn't sound like a very big hammer :)
It is also way more than necessary to gather any kind of statistics or
improve any kind of routing. 441/120 =3D=3D one every 20 seconds. I cannot
possibly imagine any circumstances in which this amount of "testing" is
necessary if the remote end is some site outside the influence of
Digital Island. Was the testing end 100 percent positive not to hit some
dial up line it's keeping artificially up? Also, a generated
IDS/Firewall log would imply some kind of blocking of those requests -
if I don't get a reply at the first five tries why do I keep up probing
the IP? And IF there was a reply - what about this test is so important
that it has to be repeated in 20 second intervals?
jonas
--=20
Jonas M. Luster -- jluster@d-fensive.com -- +1 408 768 4148
1024D/8B06BE75 -- 0E0A 8672 78B5 DB9F A911 1C04 2E20 4C9B 8B06 BE75
http://www.d-fensive.com (work) -- http://www.baysec.org/~jluster/ (play)
--+HP7ph2BbKc20aGI
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE72QthLiBMm4sGvnURAmkBAKC7CVgG1dfORb/ALLULa3DTZu0u5QCdHbjA
TQq6T2tJsM47Z3071/1MkyM=
=LE8d
-----END PGP SIGNATURE-----
--+HP7ph2BbKc20aGI--
