On Mon, 20 Sep 2004, Lucky Leavell wrote:

> We are a small ISP suffering from repeated SYN Flood DoS/DDoS type
> attacks. After putting a bridging firewall in place and using a packet
> sniffer, we are certain the attacks are coming from within our own
> network with machine A attacking machine B, both of which are in the same
> subnet. If you cut off machine A, the attack merely resumes with machine C
> attacking machine D, etc. Attacks rarely last more than a few minutes at
> a time.

What port are the attacks from/to? I wouldn't be surprised if it was an accidental attack due to misconfigured software. (I recently had a bunch of machines attack their NFS server due to a bug in the RH9 init scripts.)


> Any further ideas/suggestions?

Posting to comp.security.misc or [EMAIL PROTECTED] might get you more useful answers.


Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-


_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users