worldwide DDOS (sql server fun)
http://www.nextgenss.com/advisories/mssql-udp.txt Time to start applying some filters at your edges. This has taken some big networks off the air in the US (and at least one in NZ). term deny-dos { from { packet-length 404; protocol udp; destination-port 1434; } then { count codered-4; discard; } } term allow-rest { then accept; } - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Joe Abley
http://news.bbc.co.uk/1/hi/technology/2693925.stm Although I remain dubious about this claim: "Unlike viruses, the worm exists only in memory, so it cannot be detected by traditional anti-virus scanners." -- Juha - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Nevil Brownlee has a page at caida.org that allows you to create performance plots on the root and gTLD servers. http://www.caida.org/cgi-bin/dns_perf/main.pl Interesting seeing the high %packet loss on so many of the root servers since this problem started. regards lin ps Does anyone remember the presentation by Dave Moore of Caida at NZNOG 2002? Caida's analysis of Code Red can be found here http://www.caida.org/analysis/security/code-red/ - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (3)
-
Joe Abley -
Juha Saarinen -
Lin Nah