|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Rob Shein (shoten_at_starpower.net)
Date: Tue Feb 04 2003 - 12:56:13 CST
It is not a requirement, unless for some reason it's in their terms of
service. That said, I've never seen a ToS from an ISP that involved
backtracing a DoS. Detecting the source, in the event that it involves
spoofed packets (as they almost always do), requires backtracing. If the
DoS is traffic-intensive, it may be coming from more than one source as
well, and there is no reliable way to determine this without backtracing
either.
> -----Original Message-----
> From: Hamid [mailto:hamidmails
panaisp.net]
> Sent: Monday, February 03, 2003 4:40 PM
> To: incidentssecurityfocus.com
> Subject: DoS Attacks, Detecting the Source, and Service Providers
>
>
> Hi everybody,
>
> Maybe a newbie question, but I was wondering if back-tracing
> packets to its source is a service provider requirement? I
> mean if one of my hosts is being attacked, for example a
> simple ICMP DoS attack, what could I do if the service
> provider doesn't cooperate? I was wondering if there are
> certain procedures to detect the source of attacks?
>
> Thanks in advance,
> Hamid
>
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus ARIS analyzer
> service. For more information on this free incident handling,
> management
> and tracking system please see: http://aris.securityfocus.com
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]