I agree. Maybe some packet captures would help out. Honestly, I don't think I could get 80% of my job done without a good sniffer. It's very likely a DoS based on the volume alone. But a good packet capture narrowing down the type of traffic would be very usefull in figuring out what's going on. > -----Original Message----- > From: Harlan Carvey [mailto:keydet89at_private] > Sent: Sunday, June 29, 2003 7:27 PM > To: incidentsat_private > Subject: re: DoS "Probing" on one of our hosts > > > Chris, > > A couple of quick questions for clarification... > > > So far, we've yet to determine even the most basic > stuff > > ************************************************************************************************** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies. ** this message has been scanned for viruses, vandals and malicious content ** ************************************************************************************************** ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Jun 30 2003 - 08:12:38 PDT