Wayne E. Bouchard [2/19/2004 6:16 AM] :
Easy enough to fend off except for the TCP 80 bit. For most of these
attacks, I've taken to just filtering the entire LACNIC and APNIC
address delegations at the host level for the durration of the
incident since, in the general case, my customers (the ones
Wayne E. Bouchard wrote:
Yes, this seems to be a common thing these days. You send udp/LAGE udp
packets and fragments to port 80 to saturate bandwidth and you combine
that with compromised hosts successively opening and closing TCP
connections to port 80 (Not a syn flood, actual connections that
Yes, this seems to be a common thing these days. You send udp/LAGE udp
packets and fragments to port 80 to saturate bandwidth and you combine
that with compromised hosts successively opening and closing TCP
connections to port 80 (Not a syn flood, actual connections that look
to the router in term
I apologize for the potentially obvious question, but I've been through
sf, google, etc and can't find anything.
I have a customer that is currently getting several hundred thousand
packets per second sent to them on 80/udp. /etc/services lists 80/udp as
IANA assigned for http but I've never see
