Hello all,

My friend's ISP has been under continuous distributed denial of service
attack for several days now. Knowing that at least some of you have
experienced this attack, can anyone outline the procedures they used to
minimize the impact of the attack, notify upstream pipes and trojaned
hosts of their part in the attack, and any other suggestions you may have
for how to effectively deal with DDoS attacks?

I will be composing a letter to send to any trojaned hosts we can 
identify, with notification of their suspected compromise, and suggestions
as to how to scan and de-louse their hosts. Has anyone written such a
document? Could you send along a copy? Thanks.

Also any data that you may have detailing the specifics of the attacks you
have experienced would be appreciated, as it will help to explain to the
upstream providers as to what they can do to minimize/block the
attacks. 

The FBI has been notified, and further notification of affected
hosts/providers will be commencing once the sysadmin wakes up.
He's had no sleep for 2 days. I just got a brief overview of the attack,
but from what I can tell it's really messy. I'll forward all the details I
can when I know more, including procedures and fixes as implemented.

I know it was only a few weeks ago that I sarcastically commented on
Marcus Ranum & Dave Dittrich's binary-only Solaris scan release.
Again, Marcus and Dave, mea culpa, serves me right. Since then the source
has been released and I'm very happy for that.

Any and all help will be appreciated, thank you all very much.

John


