Re: Denial of service attacks apparently from UUNET Netblocks
Date: Tue, 7 Oct 1997 12:04:27 -0400 (EDT) From: Alex Przekupowski <oop@idt.net>
On the MAX's that I have set up, I log that info to syslog (Local 7), and can pull it up at will. If you need a hand, just let me know. By combining the syslog output, and the RADIUS accounting logs, we can definately prove at least the home address of the attacker.
How are you providing source address assurance, on either a MAX or a TNT? My understanding, which may well be flawed, is that the only way is with a filter. I have heard claims, which may also be flawed, that filters have a severe performance impact on MAX and TNT. Without source address assurance, how do you know that the packets are actually coming from the user who was assigned that address at that time? Barney Wolff <barney@databus.com>
On Tue, 7 Oct 1997, Barney Wolff wrote:
Date: Tue, 7 Oct 1997 12:04:27 -0400 (EDT) From: Alex Przekupowski <oop@idt.net>
On the MAX's that I have set up, I log that info to syslog (Local 7), and can pull it up at will. If you need a hand, just let me know. By combining the syslog output, and the RADIUS accounting logs, we can definately prove at least the home address of the attacker.
How are you providing source address assurance, on either a MAX or a TNT? My understanding, which may well be flawed, is that the only way is with a filter. I have heard claims, which may also be flawed, that filters have a severe performance impact on MAX and TNT.
Without source address assurance, how do you know that the packets are actually coming from the user who was assigned that address at that time?
Barney Wolff <barney@databus.com>
What he means is that he can provide the number of the person who dialed into his equipment. That information can be given to you on your PRI, and reported in both radius accounting and syslog. Joe Shaw - jshaw@insync.net NetAdmin - Insync Internet Services
participants (2)
-
Barney Wolff -
Joe Shaw