In the referenced message, Clayton Fiske said:
>
> On Sun, Jul 07, 2002 at 03:08:14PM -0400, Richard A Steenbergen wrote:
> > On Sat, Jul 06, 2002 at 06:24:40PM -0500, Rob Thomas wrote:
> > > Hmm, not according to the data I collect. I track numerous botnets and
> > > DoSnets, and a bit over 80
On Sun, 07 Jul 2002 13:27:52 PDT, Clayton Fiske <[EMAIL PROTECTED]> said:
> Sure, but the idea that the kids doing the harvesting a) know how to
> do such a thing and b) care if the compromised machine is traced is
If the perpetrator actually understood the exploit, they'd not be called
a 'scri
On Sun, Jul 07, 2002 at 04:16:12PM -0400, [EMAIL PROTECTED] wrote:
> On Sun, 07 Jul 2002 12:45:13 PDT, Clayton Fiske <[EMAIL PROTECTED]> said:
>
> > Don't forget 3) the machine compromised isn't capable of spoofing.
> > In Win95/98/ME/NT, there is no raw socket functionality. I don't
>
> The f
On Sun, 07 Jul 2002 12:45:13 PDT, Clayton Fiske <[EMAIL PROTECTED]> said:
> Don't forget 3) the machine compromised isn't capable of spoofing.
> In Win95/98/ME/NT, there is no raw socket functionality. I don't
The fact that there is no raw socket *API* doesn't mean it's that much
more difficult
On Sun, Jul 07, 2002 at 03:08:14PM -0400, Richard A Steenbergen wrote:
> On Sat, Jul 06, 2002 at 06:24:40PM -0500, Rob Thomas wrote:
> > Hmm, not according to the data I collect. I track numerous botnets and
> > DoSnets, and a bit over 80% of them use the real IPs as the source of
> > the floods
On Sat, Jul 06, 2002 at 06:24:40PM -0500, Rob Thomas wrote:
>
> Hello, Frank.
>
> ] Your upstreams, who will help you back-track. Nobody DoS'es with their
> ] real IP's anymore.
>
> Hmm, not according to the data I collect. I track numerous botnets and
> DoSnets, and a bit over 80% of them u
Rob Thomas wrote:
> ] Your upstreams, who will help you back-track. Nobody DoS'es with their
> ] real IP's
anymore.
>
> Hmm, not according to the data I collect. I track numerous botnets and
> DoSnets, and a bit over 80% of them us
Hello, Frank.
] Your upstreams, who will help you back-track. Nobody DoS'es with their
] real IP's anymore.
Hmm, not according to the data I collect. I track numerous botnets and
DoSnets, and a bit over 80% of them use the real IPs as the source of
the floods. Then again, with 500 - 18000 bo
if you're upstream is uunet you can call: 1-800-900-0241 and ask to speak
to security. Then ask to speak to a Router Engineer because you have a
live DoS attack.
Posting to NANOG doesn't normally help too much for these things.
--Chris
([EMAIL PROTECTED])
#
Roy wrote:
> Their NOC is clueless. Anyone have a better number?
Your upstreams, who will help you back-track. Nobody DoS'es with their
real IP's anymore.
Frank
I am receiving a DOS attack from multiple IP addresses in the
216.139.xx.xx range belonging to PANAMSAT (AS 19199). Upstreams seem to
be QWEST, EPOCH, and UUNET.
Their NOC is clueless. Anyone have a better number?
11 matches
Mail list logo
