North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: DDOS attacks lately?
That is completly NOT the case. Once they cannot take over channels they just like to cause havoc. We run a server on the Dalnet IRC Network and see SYN floods, Smurfs (Decreasing in frequency), fraggle, modified varients of pepsi and a number of other attacks. Other servers have reported attacks upto 150mbs. Only way to deal with it is with the FBI really. You can't effectivly filter it as it's normall spoofed. Best you can do is drop udp and icmp at the border (Even better if you can get your transit providers to drop it to that host at their meeting point with you), and deny all traffic locally on the machine except open ports. Even doing this, we still get taken down for maybe 5 minutes once a month. Jason --- Jason Slagle - CCNA - CCDA Network Administrator - Toledo Internet Access - Toledo Ohio - firstname.lastname@example.org - email@example.com - WHOIS JS10172 -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GE d-- s:+ a-- C++ UL+++ P--- L+++ E- W- N+ o-- K- w--- O M- V PS+ PE+++ Y+ PGP t+ 5 X+ R tv+ b+ DI+ D G e+ h! r++ y+ ------END GEEK CODE BLOCK------ On Sun, 20 Aug 2000, Shawn McMahon wrote: > On Sat, Aug 19, 2000 at 08:27:13PM -0400, John O Comeau wrote: > > > > Another interesting point to note is that lately, most attacks have been > > for the age-old purpose of taking over IRC channels by knocking out > > the host on which the operator's bot is running. At least, none of my > > clients have seen their websites getting attacked lately. Maybe the calm > > before the storm? > > Hence, if all the IRC networks would implement Chanserv, and educate users, > these attacks would decrease. > >