Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: distributed attack, high or not

  • From: Steven M. Bellovin
  • Date: Wed Jan 30 22:18:53 2002

In message <20020131025142.A12260@monet.titania.net>, "Joseph T. Klein" writes:
>
>I define it as random because the traffic rise could be seen
>coming in from multiple providers and looked to be the same
>percent from all sources (separate routers with separate
>interfaces to separate ASNs in separate geographic locations).
>The traffic was inbound and not backsplash from randomized
>source addresses.
>
>It looks to me like a infection with someone turning a control
>knob. Is this common or a precusor of a bad thing?
>
It's a classic DDoS attack, aimed at you.  Someone has lots of zombie 
machines out there; at some point, they sent a command packet to all of 
them, saying "bombard such-and-such an IP address for 3600 seconds".

Common?  It happens frequently to someone.  Precursor?  Entirely 
possible, though there's no way to know for sure.  But it can be very 
bad -- see http://news.zdnet.co.uk/story/0,,t269-s2103098,00.html
for what happened to a British ISP.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.