[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Packet Flood Denial of Service
- To: outages-list@eskimo.com
- Subject: Packet Flood Denial of Service
- From: Robert Dinse <nanook@eskimo.com>
- Date: Thu, 14 Sep 2000 17:02:49 -0700 (PDT)
- Newsgroups: lobby, announcements
- Resent-Date: Thu, 14 Sep 2000 17:03:02 -0700
- Resent-From: outages-list@eskimo.com
- Resent-Message-ID: <"J_c9P3.0.5o5.pSMmv"@mx1>
- Resent-Sender: outages-list-request@eskimo.com
Around 6:50 PM today we were hit for a UDP packet flood denial of service
attack which lasted for about ten minutes. As soon as I turned the filtering
off on our router so I could attempt to capture some of the traffic, it
stopped.
This has become a pattern in recent attacks which leads me to believe the
attackers are watching this to prevent any data from being collected that might
provide a defense.
Cisco people have indicated a willingness to work on this problem but they
need some captured traffic to do so.
This attack is a packet fragment leakage attack, if anybody knows of the
program used to generate these attacks, it would be most helpful in that it
would allow Crisco to test and arrive at an eventual fix.