[4438] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Mark A. Fullmer)
Mon Sep 16 23:34:44 1996
From: "Mark A. Fullmer" <maf@net.ohio-state.edu>
To: paul@vix.com (Paul A Vixie)
Date: Mon, 16 Sep 1996 23:29:54 -0400 (EDT)
Cc: c-huegen@quad.quadrunner.com, bass@cactus.silkroad.com, kwe@6sigmanets.com,
nanog@merit.edu, iepg@iepg.org
In-Reply-To: <9609170144.AA12468@wisdom.home.vix.com> from "Paul A Vixie" at Sep 16, 96 06:44:43 pm
Reply-To: maf@net.ohio-state.edu

Paul A Vixie writes:
>If Cisco routers had TCPDUMP capability this would be a lot simpler. If
>all the routers in the universe had TCPDUMP, and all the router operators
>had each other's phone numbers, we could track this to the source in less
>than five minutes. Alas, the misfit teenagers of the underworld have
>caught us without any of the tools we need to be able to track this down.

The attacks will show up in Cisco NetFlow switching exports, though.

ftp://ftp.net.ohio-state.edu/users/maf/priv/flow.tar is the start
of a toolkit.

--
mark
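
Added example (not part of the original message and not code from the flow.tar toolkit): one way to use flow exports for the tracing described above is to tally flows toward the attacked address by the router input interface they arrived on. It assumes the NetFlow version 5 export layout (the message names no version) and treats TCP flows carrying only SYN as a signal worth counting, also an assumption; build_v5 and the addresses are constructed sample data.

```python
import socket
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 export header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte v5 flow record
TCP, SYN = 6, 0x02

def parse_v5(datagram):
    """Yield one dict per flow record in a NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5 or len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("not a complete NetFlow v5 datagram")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        yield {"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
               "input_if": f[3], "packets": f[5], "flags": f[11], "proto": f[12]}

def ingress_summary(datagrams, victim):
    """Per input ifIndex: flows, packets, distinct sources, SYN-only flows to victim."""
    stats = defaultdict(lambda: {"flows": 0, "packets": 0,
                                 "sources": set(), "syn_only": 0})
    for datagram in datagrams:
        for flow in parse_v5(datagram):
            if flow["dst"] != victim:
                continue
            s = stats[flow["input_if"]]
            s["flows"] += 1
            s["packets"] += flow["packets"]
            s["sources"].add(flow["src"])
            if flow["proto"] == TCP and flow["flags"] == SYN:
                s["syn_only"] += 1   # assumption: SYN-only flows are the suspect ones
    return dict(stats)

def build_v5(flows):
    """Constructed sample: pack (src, dst, input_if, packets, flags, proto) tuples."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, iface, pkts, flags, proto in flows:
        out += RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                           iface, 0, pkts, pkts * 40, 0, 0, 1024, 80,
                           flags, proto, 0, 0, 0, 0, 0)
    return out

# Constructed flows using documentation address ranges; 192.0.2.10 is the victim.
SAMPLE = build_v5([("203.0.113.5", "192.0.2.10", 3, 1, 0x02, 6),
                   ("203.0.113.77", "192.0.2.10", 3, 1, 0x02, 6),
                   ("198.51.100.9", "192.0.2.10", 1, 12, 0x1B, 6),
                   ("198.51.100.9", "192.0.2.99", 1, 4, 0x02, 6)])
```

The interface with the most SYN-only flows and many distinct sources is the one to follow upstream; repeating the tally on the neighbouring router continues the trace hop by hop.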