OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Richard Ginski (rginskico.pinellas.fl.us)
Date: Mon Jun 17 2002 - 11:24:42 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    This past weekend, we experienced the periodic flooding of our network.
    The flooding caused our network to be inaccessible. The traffic has
    mainly been ICMP: large quantities of large spoofed packets...similar to
    "ping-of-death. Appropriate patching has been applied so the actual
    attach does not shut anything down. However, it does succeed in flooding
    of our network rendering it inaccessible.

    We are trying to figure out a way, if any, to mitigate this attack from
    flooding our network in the future. We tried to coordinate with our ISP
    upstream but they say they can't do anything....and we feel sending
    resets on our end would be useless and ineffective. We are trying to
    figure out a way to eliminate the "choke point" or "bottle neck" when
    the attacks occur. I feel we should be able to do something better than
    just "weathering the storm".

    Any suggestions?

    TIA

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com