TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
I disagree, you'll find these attacks are using newer techniques, However I
agree on your point that admins with interfaces to public networks should
look beyond the actual system, most of these baby attacks can be stopped at
the router level (no ip directed-broadcast!). Also if proper contingency
was/is used, the worst that could happen is that one site could be blocked,
while the other 100 or so around the country continue as normal - time to
expand your mind people.
----------------------------------------------------------------------------
I don't see the problem about al those DoS attacks. _Basicly_ no new
techniques have been used.
If someone detects "floods"(ICMP), then disable the services or install
good
security software like ISS.
But I don't understand why so many admins have problems disabling things,
which are even not beeing used!
The ISS Forum is already beeing used like a "how do I" mailinglist and no
serious things.
regards
lark lizerman
> --------------------------------------------------------------------------
--
>
> We've observed some weird behavior at one of our sites. We get a single
ping
> from several hundred different IP addresses over the span of 10-20
minutes.
> It seems to repeat every several hours. Needless to say with the all DoS
> activity on the Net our site management is particularly nervous. When I
run
> the canned Event Priority type reports the PING events do not get seem to
be
> logged.
>
> Two questions:
> Has anyone else observed this type of behavior?
> Is there way to generate a custom report to isolate the PINGs so I can do
> some mapping and further analysis.
>
>
> Thanks,
> _Mark
