Date:      Tue, 7 Jan 2003 19:53:01 -0700
From:      <soralx@cydem.zp.ua>
To:        hackers@FreeBSD.ORG
Subject:   Re: DDoS attacks, packets captured ... not sure what to do.
Message-ID:  <200301071953.01935.soralx@cydem.zp.ua>
In-Reply-To: <3E19D613.84622ADE@mindspring.com>
References:  <20030105145150.N80512-100000@mail.econolodgetulsa.com> <200301060021.39502.soralx@cydem.zp.ua> <3E19D613.84622ADE@mindspring.com>

> Knowing his IP address is useless, if it's a denial of service,
> unless you have a peering agreement with his NSP/ISP, and/or are
> within driving distance, and own a shotgun.

That is what I'm talking about. :) And I think that the attacker
lives not so far from him, since you need to have very good
Inet to send thousands of pps.

> > BTW, what were the UDP packets for? Scanning?
> Otherwise, they might have been a Linux NFS over UDP client
> (same thing, really), or some other attack (e.g. attempted DNS
> poisoning, etc.).

No - he says that the packets are sent to random ports.

So, watch and try to get the real IP 8)

07.01.2003; 19:42:31
[SorAlx]  http://cydem.zp.ua/
