Eskimo North


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DoS attack




     Ultra1 was the subject of some sort of denial of service attack that
basically exhausted all sockets and inodes.  There are a number of programs out
that do this.  Unfortunately, it wasn't until after the attack digging through
logs that I was able to figure out what happened, and then it was too late to
determine from where.  This particular type of attack can't have the source
spoofed because it requires the TCP three-way handshake for each connection
established, so if I had caught it in progress and realized what was happening
we would have been able to determine the origin.  For that reason, I do not
expect frequent reoccurances.  I did increase the number of available inodes to
make the attack more difficult.