DOS attack over the weekend

Jacob S
Hello list,

Over the weekend, the T1 at work was DOSed by an IP that appears to
belong to a University in Germany. Since it was coming from a university
and not an ISP, I was hoping I would be more likely to get some action
done about it, instead of being ignored.

But I have a couple of questions before I work on reporting it. Has
anyone had good success getting this kind of problem dealt with by a
university before? What are the chances the IP was spoofed that was
DOS'ing us, for the purpose of using our server(s) as part of a DDOS
against the university?

Does anyone know of a good tool that would warn us about possible DOS
attacks? I know we can't stop the DOS from our side, but at least it
would give us a head start on our troubleshooting. Our ISP tells us they
were flooding us with approximately 10,000 UDP packets/second - causing
25 - 50% packet loss when I would try to ping our servers from the
outside.

I would ask if anyone has any good contacts at this university, except
I'm leaving their name unmentioned for now.

TIA,
Jacob


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]


Re: DOS attack over the weekend

Andreas Schoenberg

Hello,

I don't have contact to any university, but I am from Germany and maybe I
can help in conversation with them!

We use snort on a mirrored switch port to detect such problems.

Andreas


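
[Added example, not written by any poster in this thread.] A host-side complement to the Snort sensor mentioned above, for the early warning asked about in the first message: it samples the Linux UDP counters in /proc/net/snmp and flags an interval whose inbound rate crosses a threshold. The sample counter values, the 5-second interval and the 5000 pkt/s threshold are assumptions made for this illustration.

```python
import time

# Constructed samples in /proc/net/snmp layout, taken 5 seconds apart.
SAMPLE_T0 = """\
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 120000 300 10 90000 0 0
"""
SAMPLE_T1 = """\
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 121500 48800 1510 90400 1400 0
"""

def parse_udp(snmp_text):
    """Return {counter: value} from the 'Udp:' header and value lines."""
    rows = [l.split()[1:] for l in snmp_text.splitlines() if l.startswith("Udp:")]
    if len(rows) != 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("no well-formed Udp: header/value pair found")
    return dict(zip(rows[0], map(int, rows[1])))

def inbound_rate(before, after, seconds):
    """Inbound UDP datagrams/second between two snapshots.

    Sums delivered datagrams, datagrams for closed ports (NoPorts) and
    receive errors: a flood aimed at unused ports shows up mostly in NoPorts.
    Returns None if a counter went backwards or the interval is not positive.
    """
    deltas = [after[k] - before[k] for k in ("InDatagrams", "NoPorts", "InErrors")]
    if seconds <= 0 or any(d < 0 for d in deltas):
        return None
    return sum(deltas) / seconds

def check(before_text, after_text, seconds, threshold_pps):
    """Return (rate, alert) for one sampling interval."""
    rate = inbound_rate(parse_udp(before_text), parse_udp(after_text), seconds)
    return rate, rate is not None and rate >= threshold_pps

def watch(threshold_pps=5000, interval=5, path="/proc/net/snmp"):
    """Poll live counters on a Linux host; the threshold is an assumed value."""
    with open(path) as f:
        prev = f.read()
    while True:
        time.sleep(interval)
        with open(path) as f:
            cur = f.read()
        rate, alert = check(prev, cur, interval, threshold_pps)
        if alert:
            print(f"{time.ctime()} WARNING inbound UDP {rate:.0f} pkt/s")
        prev = cur
```

Calling watch() on the server runs the poll loop; these counters only cover datagrams that reach the host, so packets dropped upstream on a saturated link are not counted.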


Re: DOS attack over the weekend

Andreas John
Hi!

Andreas Schoenberg wrote:
> I don't have contact to any university, but I am from Germany and maybe
> I can help in conversation with them!

Which University? (Please P-Mail) They usually are pretty fast in
stopping students from doing harm and they all have a usage policy
(which forbids DoS). I suspect that there is a trojaned machine/account
on this particular campus.

rgds,
Andreas




Re: DOS attack over the weekend

Jacob S
In reply to this post by Jacob S
On Tue, 31 May 2005 09:09:41 -0500
Jacob S <[hidden email]> wrote:

> Hello list,
>
> Over the weekend, the T1 at work was DOSed by an IP that appears to
> belong to a University in Germany. Since it was coming from a
> university and not an ISP, I was hoping I would be more likely to get
> some action done about it, instead of being ignored.

Ok, my face is a little red now. I realized it was a university in the
Netherlands, not Germany. I do realize the difference between a .de or
.nl domain most of the time... :-)

<heads off to dust up on my geography...>

Jacob




Re: DOS attack over the weekend

Pim Bliek
In reply to this post by Andreas John
If you guys need help on this, I am from the Netherlands.

Pim


On May 31, 2005, at 11:14 PM, Andreas John wrote:

> Hi!
>
> Andreas Schoenberg wrote:
>
>> I don't have contact to any university, but I am from Germany and  
>> maybe I can help in conversation with them!
>>
>
> Which University? (Please P-Mail) They usually are pretty fast in  
> stopping students from doing harm and they all have a usage policy  
> (which forbids DoS). I suspect that there is a trojaned machine/
> account on this particular campus.
>
> rgds,
> Andreas

--
---------------------------------------------
PingWings - Making the penguin fly
- - - - - - - - - - - - - - - - - - - - - - -
M:  06-24711729
E:  [hidden email]
I:    www.pingwings.nl
---------------------------------------------

