On Wed, Jul 31, 2002 at 12:22:30AM -0700, Randy Bush wrote:
AFAIK 12.0S only has the service provider feature set
i fear that the joke is on us. at least one other train seems to
have been merged into the ex-isp train. not sure how much. can't
get a straight answer. welcome back to
registry something like
dshield.org that collected data on the destination IP addresses of DoS
attacks along with estimated magnitude based on analysing the traffic from
random source addresses blocked by ingress filters, then we have something
an ISP can use to analyze their outgoing traffic. If you
Hank Nussbacher wrote:
So, to restate the problem, how do we identify some of the sources of a
DoS attack quickly, maybe even while the attack is still in progress?
Not a complete solution but a start:
IP Source Tracker:
Not a complete solution but a start:
IP Source Tracker:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120
limit/120s/120s21/ipst.htm
Available as of 12.0(22)S for 7500 and 12000 series Cisco routers.
ah yes. the new enterprise image. :-(
the destination addresses and time
periods of the attacks then other people could look in their netflow data
for traffic from bogon addresses to your destination. A central repository
like dshield.org for this data would be interesting.
Other than for idle curiosity, I think this is interesting
[EMAIL PROTECTED] wrote:
[...]
other people could look in their netflow data
for traffic from bogon addresses to your destination.
Do other people need such a list to discover invalid source addresses
emerging from their networks?
[...] the owners of compromised
machines used to
--On Sunday, July 28, 2002 09:35:40 -0500 John Palmer (NANOG Acct)
[EMAIL PROTECTED] wrote:
Yes - DSHEILD has our ORSC root server listed as well. I thought that
was hilarious.
Some might beg to differ.
--
Måns NilssonSystems Specialist
+46 70 681 7204 KTHNOC
Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, July 29, 2002 5:37 AM
To: [EMAIL PROTECTED]
Subject: RE: Bogon list or Dshield.org type list
Having recently read David Moore's paper on backscatter analysis,
http://www.caida.org
On Mon, 29 Jul 2002, jnull wrote:
ISPs won't shut someone down because they've been hacked, merely send
them a warning Email or call--a process that takes days in my
experience.
Worse -- there is an increasing number of ASNs spewing traffic onto the
internet with NOBODY AT THE WHEEL. We
(albeit
small on their list)
--Phil
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
alsato
Sent: Saturday, July 27, 2002 8:08 PM
To: [EMAIL PROTECTED]
Subject: Bogon list or Dshield.org type list
Im wondering how many of you use Bogon
Yes - DSHEILD has our ORSC root server listed as well. I thought that was hilarious.
- Original Message -
From: Charles Sprickman [EMAIL PROTECTED]
To: Johannes Ullrich [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, July 28, 2002 2:36 AM
Subject: Re: Bogon list or Dshield.org
I do not recommend adding every IP listed at DShield to your filter
/understatement.
I took a short while to peruse the data collected and distributed by
DShield. I don't believe I need to go into the many reasons (I'm sure
you know yourself) why this information is completely
:[EMAIL PROTECTED]]
Sent: Sunday, July 28, 2002 4:24 PM
To: jnull
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Dshield.org
I do not recommend adding every IP listed at DShield to your filter
/understatement.
I took a short while to peruse the data collected
Im wondering how many of you use Bogon Lists and http://www.dshield.org/top10.htmltype
lists on your routers? Im curious to know if you are an ISP with
customers or backbone provider or someone else? I have a feeling not many
people use these on routers? Im wondering why or why
not?
Ive
]] On Behalf Of
alsatoSent: Saturday, July 27, 2002 8:08 PMTo:
[EMAIL PROTECTED]Subject: Bogon list or Dshield.org type
list
Im wondering how many of you use Bogon Lists and
http://www.dshield.org/top10.htmltype
lists on your routers? Im curious to know if you are an ISP
15 matches
Mail list logo