Hello,

Yesterday we got about 150,000 HTTP requests with different source IPs (121,000 unique) to a single host in a 2-5 min. interval. According to the logs, all source IPs are spoofed. Almost every HTTP request produced an ICMP connection from the spoofed IP (port unreach, network unreach, etc.). It looks like a probe before a serious DoS attack. Does it look like a new DoS tool? What could you recommend doing? There is no way to find out the mastermind since the attack was short, is there?

Dmitri Smirnov, SSCP

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
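
One way to quantify the two observations in the message above from logs: how many requests came from one-off source addresses, and how many were followed by an ICMP unreachable from the same address. This is an added example, not part of the original post; the event tuple layout, the `summarize` function and the sample addresses are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, not data from the post: (time, kind, remote_ip, detail).
# "http" is an inbound request to the host; "icmp" is an ICMP error received from remote_ip.
EVENTS = [
    ("2002-03-25 10:00:00", "http", "198.51.100.7", "GET /"),
    ("2002-03-25 10:00:01", "icmp", "198.51.100.7", "port-unreachable"),
    ("2002-03-25 10:00:02", "http", "203.0.113.40", "GET /"),
    ("2002-03-25 10:00:02", "icmp", "203.0.113.40", "net-unreachable"),
    ("2002-03-25 10:00:03", "http", "192.0.2.15", "GET /"),
    ("2002-03-25 10:00:09", "http", "192.0.2.15", "GET /index.html"),
    ("2002-03-25 10:00:10", "http", "198.51.100.99", "GET /"),
    ("2002-03-25 10:00:11", "icmp", "198.51.100.99", "host-unreachable"),
    ("2002-03-25 10:09:00", "icmp", "192.0.2.15", "port-unreachable"),
]

FMT = "%Y-%m-%d %H:%M:%S"

def summarize(events, icmp_lag=timedelta(seconds=5)):
    """Return counts that quantify the two observations in the post."""
    parsed = sorted((datetime.strptime(t, FMT), kind, ip, d) for t, kind, ip, d in events)
    http = [(t, ip) for t, kind, ip, _ in parsed if kind == "http"]
    icmp = {}
    for t, kind, ip, d in parsed:
        if kind == "icmp" and "unreachable" in d:
            icmp.setdefault(ip, []).append(t)
    # A request counts as matched when an unreachable from the same
    # address arrives within icmp_lag after the request was logged.
    matched = sum(
        1 for t, ip in http
        if any(timedelta(0) <= e - t <= icmp_lag for e in icmp.get(ip, []))
    )
    sources = {ip for _, ip in http}
    span = (http[-1][0] - http[0][0]) if http else timedelta(0)
    return {
        "requests": len(http),
        "unique_sources": len(sources),
        "requests_per_source": len(http) / len(sources) if sources else 0.0,
        "icmp_matched_requests": matched,
        "icmp_matched_ratio": matched / len(http) if http else 0.0,
        "burst_seconds": span.total_seconds(),
    }

if __name__ == "__main__":
    for key, value in summarize(EVENTS).items():
        print(f"{key}: {value}")
```

A requests-per-source value close to 1 together with a high matched ratio is the pattern the message describes; the late ICMP error for 192.0.2.15 in the sample falls outside the lag window and is not counted.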
This archive was generated by hypermail 2b30 : Tue Mar 26 2002 - 13:30:50 PST