Timing of DoS and Intrusion attempts.

From: Patrick Andry (pandryat_private)
Date: Mon May 28 2001 - 07:48:17 PDT

Next message: James Friesen: "RE: Scanning from a "intruder.rs88.net"?"

Previous message: Simos Xenitellis: "RE: Scanning from a "intruder.rs88.net"?"
Reply: Brian Mitchell: "Re: Timing of DoS and Intrusion attempts."
Reply: Patrick Andry: "RE: Timing of DoS and Intrusion attempts."
Reply: Valdis.Kletnieksat_private: "Re: Timing of DoS and Intrusion attempts."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am trying to get a profile of a typical DoS and intrusion attempt, and
would like input on the times which these attacks occur.  Invariably they
will follow Murphy's Law, being when the administrators are gone home for
the night, or stuck in an elevator, and I understand that the Internet is a
24/7 Superstore, but there must be some correlation to the timing of these
attacks.
	Assuming we can find some form of correlation between the time of
the attack on both the target computer and the source computer, the possible
damage (A DoS attack is not as effective when your target audience is
asleep), and the type of attack, it may make it easier to guess where the
attacker originated from, if they are relaying through a server somewhere
else, etc...

Any thoughts on this?

Patrick Andry
pandryat_private

Next message: James Friesen: "RE: Scanning from a "intruder.rs88.net"?"
Previous message: Simos Xenitellis: "RE: Scanning from a "intruder.rs88.net"?"
Reply: Brian Mitchell: "Re: Timing of DoS and Intrusion attempts."
Reply: Patrick Andry: "RE: Timing of DoS and Intrusion attempts."
Reply: Valdis.Kletnieksat_private: "Re: Timing of DoS and Intrusion attempts."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 28 2001 - 12:28:06 PDT