[4595] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Wed Sep 18 19:28:03 1996
Date: Wed, 18 Sep 1996 19:19:13 -0400
To: Leonid Egoshin <egoshin@genesyslab.com>
From: Paul Ferguson <pferguso@cisco.com>
Cc: forrestc@iMach.com, nanog@merit.edu, iepg@iepg.org
For what its worth, we are looking at this.
- paul
At 04:32 PM 9/17/96 -0700, Leonid Egoshin wrote:
>>From: "Forrest W. Christian" <forrestc@iMach.com>
>>
>> 5 minute SYNS: 123423 5 minute SYN-ACKS: 50000
>>
>>Then, if the ratio got too high, it can start yelping about "Potential SYN
>>D-O-S Atttack in progress on Interface Serial 1"
>
> I suggest to check not only ratio (assymetric routing !),
>but high number of SYNs to single host.
>
> - Leonid Yegoshin, LY22
>
--
Paul Ferguson || ||
Consulting Engineering || ||
Reston, Virginia USA |||| ||||
tel: +1.703.716.9538 ..:||||||:..:||||||:..
e-mail: pferguso@cisco.com c i s c o S y s t e m s
