North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: router syn/syn-ack/ack alarming...
On Wed, 18 Sep 1996, Guy T Almes wrote: > the source host. Syn/synack/ack ratio detection is complementary, since it > could help detect an attack near the destination host. It could also help detect an attack near the source host which would help *GREATLY* in tracing the perpetrator of the attacks. This ratio detection doesn't need to shutdown anything, just syslog the fact so that admins have something in their logs like SYN/ACK RATIO 33:1 POSSIBLE HACKER ATTACK which will make them sit up and take notice. Michael Dillon - ISP & Internet Consulting Memra Software Inc. - Fax: +1-604-546-3049 http://www.memra.com - E-mail: firstname.lastname@example.org - - - - - - - - - - - - - - - - -