[candidhosting.com #25891] AutoReply: RE: Identifying DoS-attacked IP address(es) (fwd)
who signed up a ticketing system to nanog?? --Chris (chris@uu.net) ---------- Forwarded message ---------- Date: Mon, 16 Dec 2002 16:22:09 -0500 (EST) From: Candid Hosting Support <support@candidhosting.com> To: chris@UU.NET Subject: [candidhosting.com #25891] AutoReply: RE: Identifying DoS-attacked IP address(es) Greetings, This message has been automatically generated in response to your trouble ticket request regarding: "RE: Identifying DoS-attacked IP address(es)", a summary of which appears at the bottom of this e-mail. Your ticket has been assigned an ID of [candidhosting.com #25891]. Our support personnel will contact you shortly in regards to this matter. If your request is concerning a dedicated server, please make sure that you have provided the following required information: - At least one domain name or IP address used on the server - Login and/or root passwords as required by the specific issue - Remote access, such as a pcAnywhere or VNC password, for Windows systems For future correspondence concerning this issue, please reply to this e-mail or include the string "[candidhosting.com #25891]" in the subject line of new messages. Regards, Candid Hosting Technical Support Team - support@candidhosting.com - ICQ #141214819 - 1-877-248-9888, Option #2 ------------------------------------------------------------------------- On Mon, 16 Dec 2002, Livio Ricciulli wrote:
FYI, we developed a system that sniffs FE,GE,DS3,OC3-48 POS and creates a model using the cross-product of: 1) source/destination address distributions 2) packet rate 3) protocol
But I can't field deploy this 2 continents away at 4am with 10 mins notice...
This works very well to detect floods and does not require messing with routers..
Livio.
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Neil J. McRae Sent: Monday, December 16, 2002 9:38 AM To: Andre Chapuis Cc: Christopher L. Morrow; nanog@nanog.org Subject: Re: Identifying DoS-attacked IP address(es)
Sampled netflow, or look at the traceback stuff in later IOS 12.0S versions. Avoid filter lists as the GSR engine cards have a statically limited number of entries.
Regards, Neil.
(NH)
participants (1)
-
Christopher L. Morrow