Re: streams of fragments...

From: Russell Fulton (r.fultonat_private)
Date: Wed Jul 18 2001 - 15:06:32 PDT

  • Next message: Rich Ostergard: "RE: streams of fragments..."

    On Wed, 18 Jul 2001 12:23:36 -0300 (ADT) Gamble <a629wat_private> wrote:
    
    > 
    >  This sounds like a DOS attack.  By sending you many fragmented packets 
    > the attacker could consume a lot of the memory on your machine.  You could
    > counter this by blocking all IP fragments on your firewall,  but that
    > would also prevent legitimate activities.  The attacker is most likly
    > spoofing the IP addresses which you are seeing, so if it is a DOS,
    > tracking it down will be difficult.
    
    No, the packet rate is far too slow -- in the order of packet per hour.
    
    Russell Fulton, Computer and Network Security Officer
    The University of Auckland,  New Zealand
    
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 20:54:54 PDT