Possible New type of DOS attack - Test - lists.nanog.org

newer
RE: long distance gigabit ethernet

Possible New type of DOS attack

older
Wanted: Liebert AC Unit

Vinny India

25 Mar 2002 25 Mar '02

4:44 p.m.

Anyone out there ever witness an attack were you received several RSHPORT attempts (5 per second) on a cisco router from different spoofed source addresses. It was capable of taking out BGP and OSPF sessions on the router.

Reply

Sign in to reply online Use email software

Show replies by date

Mike Lewinski

25 Mar 25 Mar

4:52 p.m.

It was probably a large packet flood to random destination ports. Some of them happened to hit rshell. What really took out your routing procs was likely a huge packet flood, but due to volume you may not have been able to access normal interface counters (i.e. MRTG doesn't get any SNMP packets back when OSPF goes bye-bye). Mike ----- Original Message ----- From: "Vinny India" <vindia@ads.espire.net> To: <nanog@merit.edu> Sent: Monday, March 25, 2002 2:44 PM Subject: Possible New type of DOS attack

Anyone out there ever witness an attack were you received several RSHPORT attempts (5 per second) on a cisco router from different spoofed source addresses. It was capable of taking out BGP and OSPF sessions on the

router.

Reply

Sign in to reply online Use email software

8327

Age (days ago)

8327

Last active (days ago)

Download

1 comments

2 participants

tags

participants (2)

Mike Lewinski
Vinny India