North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Growing DoS attacks
- From: Avleen Vig
- Date: Wed Jan 16 17:59:14 2002
On Wed, 16 Jan 2002, Paul Froutan wrote:
> Hello all,
> Can some of you with larger networks let me know about the volume of the
> DoS attacks you have experienced lately? Our experience has been that the
> volume (not just occurrence) is going up significantly and I'm curious on
> the size of attacks that people are experiencing. For reference, while a
> year or two ago we used to get 50-100 meg attacks, now we're getting 500+ megs.
I don't run a large network, but I am curious and will help where
Are you able to say what kind of DoD attacks are taking place?
ICMP Floods? TCP Floods? UDP Floods? A mixture?
If you feel the src addr is spoofed, have you taken a packet capture and
looked for similarities in the packets?
I read a paper about 5 months ago where someone had worked very hard at
analysing the differences in packets generated by various DoS agents.
Maybe you should attempt to trace them back?
If they are Smurf attacks, I may be able to help more, let me know.
Network Security Officer
Smurf Amplifier Finding Executive: http://www.ircnetops.org/smurf