RE: Packet Flood Denial of Service (fwd)

[Robert Dinse <nanook@eskimo.com>]

     No, I have my watch set to 24 hours, and somehow subtracted 12 from 16
to get 6.  It was 4:50PM.

---------- Forwarded message ----------
Date: Thu, 14 Sep 2000 17:18:12 -0700
From: Ted Weiler <tweiler@treat-hie.com>
To: 'Robert Dinse' <nanook@eskimo.com>
Subject: RE: Packet Flood Denial of Service

Predicting the future now are you? Whose going to win the election? or even
better, how about some winning lottery numbers.

Ted

-----Original Message-----
From: Robert Dinse [mailto:nanook@eskimo.com]
Sent: Thursday, September 14, 2000 5:03 PM
To: outages-list@eskimo.com
Subject: Packet Flood Denial of Service



     Around 6:50 PM today we were hit for a UDP packet flood denial of
service
attack which lasted for about ten minutes.  As soon as I turned the
filtering
off on our router so I could attempt to capture some of the traffic, it
stopped.

     This has become a pattern in recent attacks which leads me to believe
the
attackers are watching this to prevent any data from being collected that
might
provide a defense.

     Cisco people have indicated a willingness to work on this problem but
they
need some captured traffic to do so.

     This attack is a packet fragment leakage attack, if anybody knows of
the
program used to generate these attacks, it would be most helpful in that it
would allow Crisco to test and arrive at an eventual fix.