Is the "random source" using valid or invalid addresses? Invalid addresses are RFC1918, Martian, and blocks still reserved (unallocated) by IANA.
-----Original Message-----
From: owner-nznog(a)list.waikato.ac.nz [mailto:owner-nznog(a)list.waikato.ac.nz] On Behalf Of Martin Forest
Sent: Thursday, December 14, 2000 6:35 PM
To: Nznog
Subject: New type of DDOS
Hi All
There is now a new type of DDOS. This one is hiding the source IP address and port, i.e. random IP address and port as source address. This makes it almost impossible to quickly trace back to the source. Our Cisco routers can with ease detect the attack and block it (IOS Firewall). However, this new attack makes it hard to get upstream providers to block the traffic or to find out whose servers have been hacked.
Happy to share knowledge...
Martin Forest
Senior Security & Infrastructure Specialist
Asia Online NZ
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
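Added example, not part of either message: one way to answer the valid-or-invalid question in the reply from a sample of source addresses seen in the attack traffic. The function names, the sample addresses and the "unallocated" prefix are constructed for illustration; the real IANA unallocated list changes over time and must be loaded from current registry data.

```python
import ipaddress
from collections import Counter

def _nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

RFC1918 = _nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
# Other special-use ("Martian") IPv4 ranges that cannot be a legitimate
# source address on the public Internet.
MARTIAN = _nets("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
                "192.0.2.0/24", "224.0.0.0/4", "240.0.0.0/4")
# Constructed stand-in for "reserved (unallocated) by IANA" (assumption):
# replace with the current list from registry data in real use.
UNALLOCATED_SAMPLE = _nets("198.51.100.0/24")

def classify(src, unallocated=UNALLOCATED_SAMPLE):
    """Return the bucket a source address falls into."""
    try:
        ip = ipaddress.IPv4Address(src.strip())
    except ipaddress.AddressValueError:
        return "malformed"
    for label, nets in (("rfc1918", RFC1918), ("martian", MARTIAN),
                        ("unallocated", unallocated)):
        if any(ip in n for n in nets):
            return label
    return "valid"

def summarise(sources, unallocated=UNALLOCATED_SAMPLE):
    """Count buckets and return (counts, fraction of sources that are not valid)."""
    counts = Counter(classify(s, unallocated) for s in sources)
    total = sum(counts.values())
    invalid = total - counts["valid"]  # malformed entries count as invalid
    return counts, (invalid / total if total else 0.0)

# Constructed sample of source addresses taken from attack packets.
SAMPLE_SOURCES = ["10.4.7.9", "172.20.1.1", "192.168.55.3", "127.0.0.8",
                  "240.1.2.3", "198.51.100.77", "64.10.20.30", "150.1.2.3",
                  "0.9.9.9", "999.1.1.1"]

if __name__ == "__main__":
    counts, frac = summarise(SAMPLE_SOURCES)
    for bucket, n in counts.most_common():
        print(f"{bucket:12s} {n}")
    print(f"invalid fraction: {frac:.0%}")
```

A high invalid fraction means a filter on invalid source ranges would drop most of the flood; a low one means the spoofed sources look like ordinary allocated space.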