Toby, thank you very much for your input. I am just learning this as you can probably tell, so I really do appreciate your taking the time to respond to my questions.

Thank you and have a great weekend,
Heidi Henry

-----Original Message-----
From: owner-crime@/var/spool/majordomo/lists/crime [mailto:owner-crime@/var/spool/majordomo/lists/crime]On Behalf Of Toby Kohlenberg
Sent: Friday, October 19, 2001 7:40 PM
To: Heidi
Cc: CRIME
Subject: RE: Syslog buffer overflow

On Wed, 17 Oct 2001, Heidi wrote:

> Toby, yes, this is from Cisco router ACL (syslog). The data just repeats
> itself for a couple of hours. Perhaps a DoS aimed at the syslog port due to
> the timestamps and multiple attempts with one packet? I.E., an attacker
> attempting to deny bandwidth by taking out a router. It appears the
> attacker is trying to identify the syslog server to attempt DoS or to gain
> root access. Thank you for your input.
> Heidi

I don't think you have enough information to assume it is a. intentional or b. malicious. Without the actual packets, or at least the headers from them, you have no data regarding the purpose or stimulus for the traffic. This could be the result of someone spoofing you and attacking your traffic's source. If it got blocked at your firewall, acknowledge it,
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:28:23 PDT