After installing a Snort IDS system on a network link I am responsible for , I left it running over night to see how many alerts would be generated. When I returned in the morning I found 450,000 alerts from snort detailing a IGMP DoS attack from 6 different source hosts. I cannot find any information about this DoS attack (DDoS if you consider 6 hosts at same time). Has anybody else had an IGMP DoS attack starting at 5:23 CET ? Does anybody know what causes this ? What are the implications of this (other than pure bandwidth consumption) I will continue to search for info, but please help me if you know what this is. Dave Stout Internet Security Engineer #********************************************************************** This message is intended solely for the use of the individual or organisation to whom it is addressed. It may contain privileged or confidential information. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you should not use, copy, alter, or disclose the contents of this message. All information or opinions expressed in this message and/or any attachments are those of the author and are not necessarily those of Hughes Network Systems Limited, including its European subsidiaries and affiliates. Hughes Network Systems Limited, including its European subsidiaries and affiliates accepts no responsibility for loss or damage arising from its use, including damage from virus. #********************************************************************** ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Apr 11 2002 - 08:45:28 PDT