|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: getting to the point with DDoS
From: Ryan Russell (ryan
SECURITYFOCUS.COM)Date: Sun Mar 05 2000 - 15:12:43 CST
- Next message: Pavel Kankovsky: "Re: Port 65535"
- Previous message: Richard Bejtlich: "Re: web related oddity"
- In reply to: thomas lakofski: "getting to the point with DDoS"
- Next in thread: thomas lakofski: "Re: getting to the point with DDoS"
- Reply: Ryan Russell: "Re: getting to the point with DDoS"
- Reply: thomas lakofski: "Re: getting to the point with DDoS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 2 Mar 2000, thomas lakofski wrote:
> looks like someone's realised the better way to take out Internet
> infrastructure:
>
> Mar 2 20:04:47 oi iplog[11550]: ICMP: echo from a.root-servers.net (1480 bytes)
> Mar 2 20:12:26 oi iplog[11550]: ICMP: echo from a.root-servers.net (1480 bytes)
> Mar 2 20:14:08 oi iplog[11550]: ICMP: echo from a.root-servers.net (1480 bytes)
>
> hopefully *.root-servers.net have some strategy prepared for this...
>
I don't get the implication... You're getting echo replies from the DNS
root servers.. and I assume you didn't send the appropriate echo requests.
Are you thinking they're being ping-flooded? If an attacker makes it look
like the root servers are sending too much data, are the sites like yours
going to send quench messages?
Ryan
- Next message: Pavel Kankovsky: "Re: Port 65535"
- Previous message: Richard Bejtlich: "Re: web related oddity"
- In reply to: thomas lakofski: "getting to the point with DDoS"
- Next in thread: thomas lakofski: "Re: getting to the point with DDoS"
- Reply: Ryan Russell: "Re: getting to the point with DDoS"
- Reply: thomas lakofski: "Re: getting to the point with DDoS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]