From: Nick Sugiero (n.sugiero infra-services.com)
Date: Wed Oct 10 2001 - 21:39:17 CDT
Focus Linux Group,
Recently my server had a DoS attack. We block all ICMP/UDP to stop DoS
attacks.
However, the other night I saw quite an effective attack on the server, which
was about 7 to 9mbps hitting ident (113) TCP.
This totally saturated the CPU and load averages went over 150.00,
effectively grinding the server to a halt.
I tried changing identd to a different vendor package; however, that failed to
help. The effect was not as bad: around 99.00 load averages. However, the
server could barely do anything.
Does anyone know what kind of attack does this?
I haven't personally seen an identd attack like this before.
And most importantly, how can I avoid CPU saturation like this when it occurs?
I can't turn off identd, so I must find a workaround.
Thanks for any help you can give.
--
Nick Sugiero
Infra Internet Services, Ltd - Technical Team
Progenic Security, Ltd - Audit Team
Phone: +44 (0)1276 500597
Website: http://www.infra-services.com

This E-Mail is private and confidential, please do not forward or relay this message in anyway without the consent of the sender. If you have received this electronic transmission in error, please notify us by telephone immediately at +44 (0)1276 500597