[4496] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Leonid Egoshin)
Tue Sep 17 16:12:45 1996
Date: Tue, 17 Sep 1996 12:45:19 -0700 (PDT)
From: Leonid Egoshin <egoshin@genesyslab.com>
To: davids@on-ramp.ior.com, kwe@6sigmanets.com
Cc: iepg@iepg.org, nanog@merit.edu
From my expirience:
There is one (not very complex) additional way to determine
the real source of attack - DNS. If you configure DNS servers
(you and secondaries also) to write log of requests and after
that change your server IP address, you can fix the time
then attacker change address to new. Manual analize of logs
can very limit the number of potential attackers - look at the time
of requests.
- Leonid Yegoshin, LY22
