Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Help in flood
From: "Guido Bolognesi [ Zen ]" <zen () kill-9 it>
Date: Wed, 1 Oct 2003 14:24:35 +0200
On Mon, Sep 29, 2003 at 03:43:15PM -0000, Mauro Marazzi wrote:

We have had a flood described below on a red hat 7.3 system with bind 9 (is a Dns server). Bandwidth consumption 
about 30Mbps. What kind of attack is? And how to prevent it?


        While I can't comment on the type of attack, I suggest you
        contact your upstream provider[1] to get the traffic filtered, if
        it's coming from a single or a small number of hosts.
        If it's distributed/spoofed things can get really bad.

        In the meanwhile, you can try to contact directly the provider
        on the other side asking to verify and, if it's the case, filter
        the traffic on his side.

[1] Colt Telecom, it seems.

ciao,
-- 
My home isn't cluttered; it's "passage restrictive."
zen () kill-9 it . Geek . And proud of it .
http://www.kill-9.it/jargon/html/entry/zen.html

---------------------------------------------------------------------------
----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
  • Re: Help in flood Guido Bolognesi [ Zen ] (Oct 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]