Ron Harris wrote:
I had success on several computers catching IRC Bots with SwatIT, which is
free.
http://www.lockdowncorp.com/
I would recommend that anyone who considers using Lock Down's software
be aware of the content here:
http://www.pc-help.org/www.nwinternet.com/pchelp/lockdown/index.html
- Original Message -
From: "Christopher Bird" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 25, 2003 5:55 PM
Subject: Syn Flood
> I have a problem on a home PC of all things. Every once in a while it
> bursts into life and syn floods an IP address on port 80. The IP
> a
Christopher Bird wrote:
> I have zone alarm, an SMC Barricade firewall, and Norton anti virus.
>
Ahhh, but do you have Ad-Aware?
--
-Jack
I had success on several computers catching IRC Bots with SwatIT, which is free.
http://www.lockdowncorp.com/
Ron
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Christopher Bird
Sent: Tuesday, March 25, 2003 8:56 PM
To: [EMAIL PROTECTED]
I would look for something like an IRC bot. Zonealarm may not
catch it if it is on there for a while and some user 'permitted'
it at some point. Usually, these bots have names to sound like
system binaries. Anti virus software may not catch the agent.
Do you have any full packet captures from th
I have a problem on a home PC of all things. Every once in a
while it bursts into life and syn floods an IP address on port 80. The IP addresses
it chooses are random and varied. The network counters ratchet up alarmingly
(as viewed in the connections window). I am running winXP Pro on t
Hello,
We've noticed something we've never noticed before that became evident
at 14:00 today... and which could be an isolated glitch at
Verisign/Netsol, or it could be a sign of a larger problem looming.
The domain utclassifieds.com is answered as NXDOMAIN in the
gtld-servers.
[EMAIL PROTECTE
Have you tried [EMAIL PROTECTED], or [EMAIL PROTECTED]
Thanks,
Dan
On Mon, 24 Mar 2003, Will Yardley wrote:
>
> [ Reply-To set to me ]
>
> Sorry to be That Guy, but I've tried the usual methods of contact,
> including the phone # for people who are blocked *by* AOL, without much
> success. I've
Haesu wrote:
> I dunno how you want to implement this; but as far as I know, the way
> most people generally do policy routing on cisco thru routemap is
> they define
> the source IP's via access-list... Does that make a huge difference
> than regular access lists? I dunno...
>
> I've kinda tested
> >
> > i am not really sure what kind of traffic we are talking about,
> > but if it's around 100Mbits/sec or so bandwidth, TurboACL should do it just
> > fine (around ~20% or lower CPU usage on a 7206VXR with NPE-G1)
>
> most likely the pps would kill the 5500 long before the bps :( especially
>
On Tue, 25 Mar 2003, Jim Deleskie wrote:
> >If you fooled the router into thinking that the reverse path for the
> >source is on another interface and then used strict unicast RPF
> >checking, that may accomplish what you want without using ACLs. I don't
> >know what impact it would have
On Tue, 25 Mar 2003, Haesu wrote:
>
> uRPF will certainly save a bit of CPU cycles than access-lists or policy
that is HIGHLY dependent on the platform in question. For the stated
'router' (5500+rsm) I'd think the impact would be about the same as for an
acl. 7500+RSP or 5500+RSM (which is pret
On Tue, 25 Mar 2003, Christian Liendo wrote:
>
> Looking for advice.
>
> I am sorry if this was discussed before, but I cannot seem to find this.
> I want to use source routing as a way to stop a DoS rather than use
> access-lists.
you can null route it also.
>
> In other words, let's say I kno
Hi, NANOGers.
As of 24 March 2003 IANA has allocated a new block of ASNs to ARIN.
The ASN range changes are:
Was 29696 - 32767 Held by the IANA
Now 29696 - 30719 Allocated by ARIN (March 2003)
Now 30720 - 32767 Held by the IANA
The bogus ASN monitoring has been updated to reflect this
>If you fooled the router into thinking that the reverse path for the
>source is on another interface and then used strict unicast RPF
>checking, that may accomplish what you want without using ACLs. I don't
>know what impact it would have on your CPU however, you'll have to
>investigat
> uRPF will certainly save a bit of CPU cycles than access-lists or policy
> routing.. it would be interesting to know any kind of 'common practice'
> ways people use to fool the router so that it will think such offensive
> source IP's are hitting uRPF.
null route? even with a loose check, if y
uRPF will certainly save a bit of CPU cycles than access-lists or policy
routing.. it would be interesting to know any kind of 'common practice'
ways people use to fool the router so that it will think such offensive
source IP's are hitting uRPF.
i am not really sure what kind of traffic we are
On Tue, 25 Mar 2003 09:06:01 -0500
Christian Liendo <[EMAIL PROTECTED]> wrote:
> I am sorry if this was discussed before, but I cannot seem to find
> this. I want to use source routing as a way to stop a DoS rather than
> use access-lists.
If you fooled the router into thinking that the reverse
At 09:21 AM 3/25/2003 -0500, Haesu wrote:
I dunno how you want to implement this; but as far as I know, the way most
people generally do policy routing on cisco thru routemap is they define
the source IP's via access-list... Does that make a huge difference than
regular access lists? I dunno...
We
## On 2003-03-25 09:06 -0500 Christian Liendo typed:
[snip]
CL>
CL> Depending on the router and the code, if I implement an access-list then
CL> the CPU utilization shoots through the roof.
CL> What I would like to try and do is use source routing to route that traffic
CL> to null. I figured
I dunno how you want to implement this; but as far as I know, the way most
people generally do policy routing on cisco thru routemap is they define
the source IP's via access-list... Does that make a huge difference than
regular access lists? I dunno...
I've kinda tested it in the lab with two 72
Looking for advice.
I am sorry if this was discussed before, but I cannot seem to find this.
I want to use source routing as a way to stop a DoS rather than use
access-lists.
In other words, let's say I know the source IP (range of IPs) of an attack
and they do not change.
If the destination st
How does one convey to a CTO who has everything that nmap 10.0.0.0/8 has
side effects?
> Sorry - I didn't expect it to be running for such a long time. I apologize
> for any consternation it may have caused. I ran it because I couldn't get
> into the system "larceny" that night. I thought th
http://www.finisar.com/product/product.php?product_id=165&product_category_id=150
CWDM GBIC OC48 Transceiver with APD Receiver (FTR-1621)
Seems nifty. Anyone using this?
Also, me making my once-a-year request; anyone know of GBICs based on
ITU-Grid frequencies that would work with Cisco 15216
- Original Message -
From: "Sean Donelan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 25, 2003 9:17 AM
Subject: Re: Al Jazeera DOSed or just lots of traffic
:
: On Mon, 24 Mar 2003, james wrote:
: > : It was DDoSed even the nameservers routes were null due to the DDo