[afnog] any experience combating a DRDoS attack?

Jeroen Massar jeroen at unfix.org
Thu Jan 26 23:09:49 EAT 2006


McTim wrote:

> At this point, I know nothing about their network (except they are
> getting hammered and are fairly clueless).  Any other clues I can give
> him?

Well it's simple economics: there is a reason why they get (d)dossed.

Thus they need to find out what the real target of the attack is, thus
what the attackers seem to want to take out.

If they are a hosting ISP, check for websites which attract problems (eg
casinos and other money makers) and of course check for IRC, if somebody
is 'protecting a channel' with a bot or running a server then you
already have your point of interest in many cases.

There are a large number of methods to find out what the problem is, but
knowledge of the network is a must.

Small networks, try ntop, larger ones should do some netflow monitoring,
rommon (http://www.rommon.com) also comes to mind, but this all depends
on the size of the network and the cash that one has in their pockets.

Greets,
 Jeroen

(grc.com is btw a silly url, don't trust a word on that site unless you
read it with a huge grain of salt and assume magnification factors of
1000x ;)
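
The flow-monitoring approach mentioned above, as an added example that is not part of the original post: it aggregates flow records per destination address and port to show which host and service the traffic converges on. The record field names, the 192.0.2.0/24 local network and the sample flows are constructed assumptions; map them to whatever your flow collector exports.

```python
import ipaddress
from collections import defaultdict


def rank_targets(flows, local_net="192.0.2.0/24"):
    """Rank (dst, proto, dport) tuples inside local_net by inbound bytes."""
    net = ipaddress.ip_network(local_net)
    stats = defaultdict(lambda: {"bytes": 0, "packets": 0, "sources": set()})
    for f in flows:
        if ipaddress.ip_address(f["dst"]) not in net:
            continue  # skip outbound and transit flows
        s = stats[(f["dst"], f["proto"], f["dport"])]
        s["bytes"] += f["bytes"]
        s["packets"] += f["packets"]
        s["sources"].add(f["src"])
    total = sum(s["bytes"] for s in stats.values()) or 1
    ranked = [{"dst": d, "proto": p, "dport": port, "bytes": s["bytes"],
               "packets": s["packets"], "sources": len(s["sources"]),
               "share": s["bytes"] / total}
              for (d, p, port), s in stats.items()]
    return sorted(ranked, key=lambda r: r["bytes"], reverse=True)


def constructed_flows():
    """Constructed sample records (documentation address ranges), not real traffic."""
    def rec(src, dst, proto, dport, packets, nbytes):
        return {"src": src, "dst": dst, "proto": proto, "dport": dport,
                "packets": packets, "bytes": nbytes}
    flows = [
        rec("198.51.100.7", "192.0.2.10", "tcp", 80, 40, 52000),
        rec("198.51.100.9", "192.0.2.10", "tcp", 80, 35, 47000),
        rec("198.51.100.7", "192.0.2.25", "tcp", 25, 12, 9000),
        rec("192.0.2.10", "198.51.100.7", "tcp", 51000, 30, 300000),  # outbound
    ]
    # Many distinct sources converging on one hosted address and port (IRC here).
    for i in range(1, 201):
        flows.append(rec(f"203.0.113.{i}", "192.0.2.80", "tcp", 6667, 500, 30000))
    return flows


if __name__ == "__main__":
    for r in rank_targets(constructed_flows())[:3]:
        print(f'{r["dst"]}:{r["dport"]}/{r["proto"]} bytes={r["bytes"]} '
              f'sources={r["sources"]} share={r["share"]:.1%}')
```

A destination that takes almost all inbound bytes from an unusually large number of distinct sources is the place to start looking for the customer or service that attracted the attack.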
