[46317] in North American Network Operators' Group
Re: Possible New type of DOS attack
daemon@ATHENA.MIT.EDU (Mike Lewinski)
Mon Mar 25 16:52:19 2002
Message-ID: <010f01c1d447$4abab0c0$8265bccc@ml>
From: "Mike Lewinski" <mike@rockynet.com>
To: <nanog@merit.edu>
Date: Mon, 25 Mar 2002 14:52:00 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
It was probably a large packet flood to random destination ports. Some of
them happened to hit rshell. What really took out your routing procs was
likely a huge packet flood, but due to volume you may not have been able to
access normal interface counters (i.e. MRTG doesn't get any SNMP packets
back when OSPF goes bye-bye).
Mike
----- Original Message -----
From: "Vinny India" <vindia@ads.espire.net>
To: <nanog@merit.edu>
Sent: Monday, March 25, 2002 2:44 PM
Subject: Possible New type of DOS attack
>
> Anyone out there ever witness an attack were you received several RSHPORT
> attempts (5 per second) on a cisco router from different spoofed source
> addresses. It was capable of taking out BGP and OSPF sessions on the
router.
>
>
