spiff wrote:
>
> My friend's ISP has been under continuous distributed denial of service
> attack for several days now. Knowing that at least some of you have
> experienced this attack, can anyone outline the procedures they used to
> minimize the impact of the attack, notify upstream pipes and trojaned
> hosts of their part in the attack, and any other suggestions you may have
> for how to effectively deal with ddos attacks?

SANS has developed a number of papers and procedures for doing just
that. Check out:
http://www.sans.org/giac.htm

> The FBI has been notified, and further notification of affected
> hosts/providers will be commencing once the sysadmin wakes up.

This pretty much sums up who's going to give you direction from here.
Any involvement from any outside organization could be viewed as
interfering with an official FBI investigation. Light waters to tread
on...

Happy hunting,
Chris
--
**************************************
[EMAIL PROTECTED]
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet