On Thu, 14 Jul 2011 23:13:03 PDT, Owen DeLong said:
On Jul 14, 2011, at 8:24 PM, Jimmy Hess wrote:
In most cases if you have a DoS attack coming from the same Layer-2 network that a router is attached to, it would mean there was already a serious security incident that occured to give the attacker that special point to attack from.
That's one possibility.
The other likely possibility is that you are a University.
Nope. Unless you want to add "or you are a cable provider, or you are a DSL provider, or you are a...." to that. (Hint - what percent of students launch DoS attacks that cut themselves off from the net? Compare to what percent of non-student machines out on cable and DSL are botted or pwned) Even if you're a university with resident students, if said students are on the same Layer-2 as anything you actually care about, you have a serious security incident. "Student manages to DoS the router out of the dorm and strands 3 floors of dorm without internet" is just as interesting as "Joe Sixpack manages to DoS the router at the cable head end and strands 3 blocks of Comcast customers without internet", for the *exact same reasons*. If the student is able to play more level-2 games than Joe Sixpack can, you misdesigned your network.