Re: Al Jazeera DOSed or just lots of traffic

2003-03-25 Thread Abdullah Ibn Hamad Al-Marri
- Original Message - From: Sean Donelan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 9:17 AM Subject: Re: Al Jazeera DOSed or just lots of traffic : : On Mon, 24 Mar 2003, james wrote: : : It was DDoSed even the nameservers routes were null due to the DDoS huge

Anyone using Finisar OC-n GBICS?

2003-03-25 Thread Alex Rubenstein
http://www.finisar.com/product/product.php?product_id=165product_category_id=150 CWDM GBIC OC48 Transceiver with APD Receiver (FTR-1621) Seems nifty. Anyone using this? Also, me making my once-a-year request; anyone know of GBICs based on ITU-Grid frequencies that would work with Cisco

Gifts for a CTO who has everything ...

2003-03-25 Thread Eric Brunner-Williams in Portland Maine
How does one convey to a CTO who has everything that nmap 10.0.0.0/8 has side effects? Sorry - I didn't expect it to be running for such a long time. I apologize for any consternation it may have caused. I ran it because I couldn't get into the system larceny that night. I thought that a

Using Policy Routing to stop DoS attacks

2003-03-25 Thread Christian Liendo
Looking for advice. I am sorry if this was discussed before, but I cannot seem to find this. I want to use source routing as a way to stop a DoS rather than use access-lists. In other words, let's say I know the source IP (range of IPs) of an attack and they do not change. If the destination

Re: Using Policy Routing to stop DoS attacks

2003-03-25 Thread Haesu
I dunno how you want to implement this; but as far as I know, the way most people generally do policy routing on cisco thru routemap is they define the source IP's via access-list... Does that make a huge difference than regular access lists? I dunno... I've kinda tested it in the lab with two

Re: Using Policy Routing to stop DoS attacks

2003-03-25 Thread Rafi Sadowsky
## On 2003-03-25 09:06 -0500 Christian Liendo typed: [snip] CL CL Depending on the router and the code, if I implement an access-list then CL the CPU utilization shoots through the roof. CL What I would like to try and do is use source routing to route that traffic CL to null. I figured it

Re: Using Policy Routing to stop DoS attacks

2003-03-25 Thread Christian Liendo
At 09:21 AM 3/25/2003 -0500, Haesu wrote: I dunno how you want to implement this; but as far as I know, the way most people generally do policy routing on cisco thru routemap is they define the source IP's via access-list... Does that make a huge difference than regular access lists? I dunno...

Re: Using Policy Routing to stop DoS attacks

2003-03-25 Thread John Kristoff
On Tue, 25 Mar 2003 09:06:01 -0500 Christian Liendo [EMAIL PROTECTED] wrote: I am sorry if this was discussed before, but I cannot seem to find this. I want to use source routing as a way to stop a DoS rather than use access-lists. If you fooled the router into thinking that the reverse path

Re: Using Policy Routing to stop DoS attacks

2003-03-25 Thread Haesu
uRPF will certainly save a bit of CPU cycles than access-lists or policy routing.. it would be interesting to know any kind of 'common practice' ways people use to fool the router so that it will think such offensive source IP's are hitting uRPF. i am not really sure what kind of traffic we are

Re: Using Policy Routing to stop DoS attacks

2003-03-25 Thread fingers
uRPF will certainly save a bit of CPU cycles than access-lists or policy routing.. it would be interesting to know any kind of 'common practice' ways people use to fool the router so that it will think such offensive source IP's are hitting uRPF. null route? even with a loose check, if you

RE: Using Policy Routing to stop DoS attacks

2003-03-25 Thread Jim Deleskie
If you fooled the router into thinking that the reverse path for the source is on another interface and then used strict unicast RPF checking, that may accomplish what you want without using ACLs. I don't know what impact it would have on your CPU however, you'll have to investigate or

ASN allocation update

2003-03-25 Thread Rob Thomas
Hi, NANOGers. As of 24 March 2003 IANA has allocated a new block of ASNs to ARIN. The ASN range changes are: Was 29696 - 32767 Held by the IANA Now 29696 - 30719 Allocated by ARIN (March 2003) Now 30720 - 32767 Held by the IANA The bogus ASN monitoring has been updated to reflect

Re: Using Policy Routing to stop DoS attacks

2003-03-25 Thread Christopher L. Morrow
On Tue, 25 Mar 2003, Christian Liendo wrote: Looking for advice. I am sorry if this was discussed before, but I cannot seem to find this. I want to use source routing as a way to stop a DoS rather than use access-lists. you can null route it also. In other words, let's say I know the

Re: Using Policy Routing to stop DoS attacks

2003-03-25 Thread Christopher L. Morrow
On Tue, 25 Mar 2003, Haesu wrote: uRPF will certainly save a bit of CPU cycles than access-lists or policy that is HIGHLY dependent on the platform in question. For the stated 'router' (5500+rsm) I'd think the impact would be about the same as for an acl. 7500+RSP or 5500+RSM (which is

RE: Using Policy Routing to stop DoS attacks

2003-03-25 Thread Christopher L. Morrow
On Tue, 25 Mar 2003, Jim Deleskie wrote: If you fooled the router into thinking that the reverse path for the source is on another interface and then used strict unicast RPF checking, that may accomplish what you want without using ACLs. I don't know what impact it would have on

Re: Using Policy Routing to stop DoS attacks

2003-03-25 Thread Haesu
i am not really sure what kind of traffic we are talking about, but if it's around 100Mbits/sec or so bandwidth, TurboACL should do it just fine (around ~20% or lower CPU usage on a 7206VXR with NPE-G1) most likely the pps would kill the 5500 long before the bps :( especially if you

Re: Using Policy Routing to stop DoS attacks

2003-03-25 Thread Jack Bates
Haesu wrote: I dunno how you want to implement this; but as far as I know, the way most people generally do policy routing on cisco thru routemap is they define the source IP's via access-list... Does that make a huge difference than regular access lists? I dunno... I've kinda tested it in

Domain oddity - possibly early warning...

2003-03-25 Thread Rodney Joffe
Hello, We've noticed something we've never noticed before that became evident at 14:00 today... and which could be an isolated glitch at Verisign/Netsol, or it could be a sign of a larger problem looming. The domain utclassifieds.com is answered as NXDOMAIN in the gtld-servers. [EMAIL

Syn Flood

2003-03-25 Thread Christopher Bird
I have a problem on a home PC of all things. Every once in a while it bursts into life and syn floods an IP address on port 80. The IP addresses it chooses are random and varied. The network counters ratchet up alarmingly (as viewed in the connections window). I am running winXP Pro on

Re: Syn Flood

2003-03-25 Thread Johannes Ullrich
I would look for something like an IRC bot. Zonealarm may not catch it if it is on there for a while and some user 'permitted' it at some point. Usually, these bots have names to sound like system binaries. Anti virus software may not catch the agent. Do you have any full packet captures from

RE: Syn Flood

2003-03-25 Thread Ron Harris
I had success on several computers catching IRC Bots with SwatIT, which is free. http://www.lockdowncorp.com/ Ron -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Christopher Bird Sent: Tuesday, March 25, 2003 8:56 PM To: [EMAIL PROTECTED]

Re: Syn Flood

2003-03-25 Thread Jack Bates
Christopher Bird wrote: I have zone alarm, an SMC Barricade firewall, and Norton anti virus. Ahhh, but do you have Ad-Aware? -- -Jack

Re: Syn Flood

2003-03-25 Thread Michael Painter
- Original Message - From: Christopher Bird [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 5:55 PM Subject: Syn Flood I have a problem on a home PC of all things. Every once in a while it bursts into life and syn floods an IP address on port 80. The IP addresses

Lock Down (was Re: Syn Flood)

2003-03-25 Thread Mike Lewinski
Ron Harris wrote: I had success on several computers catching IRC Bots with SwatIT, which is free. http://www.lockdowncorp.com/ I would recommend that anyone who considers using Lock Down's software be aware of the content here: