North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: NANOG meeting subject of attack? Hmmmm....
At 20:21 09/02/00 -0500, Travis Pugh wrote: Interesting and may have nothing to do with it, but: http://moat.nlanr.net/TopThroughput/ Starting at 2/2/2000, I have seen the top 100 Internet-2 flows to be significantly higher than a month ago. I would also look at vBNS: http://www.vbns.net/stats/flows/data/results/hibw/ Feel free to do the analysis and see if anything of interest turns up. Regards, Hank > > >On the subject of cooperation, has anyone set out to catalog where these >attacks are coming from, at least in terms of compromised networks, and >share said information? I know similar catalogs sprang up in response to >smurfs ... is it time to start listing offending networks? Even better, >does anyone know if the attacks are using something like TFN2K and using >dummy addresses to obfuscate real attacking hosts? > >I see a lot of talk of attacked sites putting up router filters to >stop attacks. Can anyone who knows let the rest of us in on what was >filtered ... was Yahoo taken down with a flood of HTTP GETs, ICMP, UDP, >SYN floods, or what? If this is a DDoS, the attack could probably be >fingerprinted ... this would be very useful information if we are going >to see more tomorrow. Do we know if the source addys are spoofed, and if >an attacker could turn off spoofing, revealing the source of the traffic >but getting around some filtering? > >I am making the assumption that the last three days' attacks were caused >by the same person or persons. But the intent is the same regardless >... we can all go back and forth on NANOG about what might be happening, >and wait for the feds to chase down the attacker(s), or people who have >been attacked or might be attacked can compare notes and try to get an >idea of where the attacks are coming from and exactly what they are. > >Any relevant info would be appreciated. Nobody knows who is next. > >-travis > > >On Wed, 9 Feb 2000, Joe Shaw wrote: > >> >> >> Make it a law, and they will. But I don't think laws are the answer >> to cooperation. The Tier1's should take the time to work together on >> their own before they are forced to in a way they may not like. >> >> -- >> Joseph W. Shaw - firstname.lastname@example.org >> Computer Security Consultant and Programmer >> Free UNIX advocate - "I hack, therefore I am." >> >> On Wed, 9 Feb 2000, Henry R. Linneweh wrote: >> >> > they should be made to co-operate with the backbone provider and not have >> > much choice in the matter. >> >> >> > > >