[54420] in North American Network Operators' Group
DDos syn attack
daemon@ATHENA.MIT.EDU (Mike Hyde)
Mon Dec 30 09:44:58 2002
From: Mike Hyde <mhyde@escape.ca>
To: nanog@merit.edu
Date: 30 Dec 2002 08:44:26 -0600
Errors-To: owner-nanog-outgoing@merit.edu
Just wondering how people have delt with DDOS syn attacks on port 80 of
a customers server? We had an attack a couple of days ago, and it
overwelmed both the customers firewall and, when we tried to turn up
filtering on a 7600 cisco router, the router also. We ended up having
the customer change his IP for the site under attack. We were lucky in
that the attack was against an IP and not the DNS name.
--
Mike Hyde <mhyde@escape.ca>
