[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [suse-security] Handling DoS Attacks from within

Lucky Leavell wrote on Sat Sep 25 2004 - 05:08:42 CEST

> We are a small ISP using wireless (radio, not cellular) links and have 
> been experiencing increasing incidents of DoS (SYN Flood and smurf) 
> attacks.  When first encountered, we built and deployed a bridging 
> firewall using SuSE 9.1 and Shorewall which does exactly what it is 
> designed to do: filter traffic entering 
> or leaving the subnet it protects.
>However, the statistics reveal that most of our attacks originate within 
>the subnet and not from the outside (internet).  We have been using 
>ethereal to capture traffic and, using that to ID the source, cut them off 
>only to have the attack resume from another system on the subnet... (snip)
> Since most of our customers us M$ systems, 
> we are thinking we have several infested with some sort of worm 
> or trojan but it is a daunting task to  identify the culprit 
> and remedy the situation.
----<text trimmed>---
>    1. What tools other than ethereal should we use?
>    2. Is there any other protective measure we can take to fend
>       off the attacks from within our own networks given that 
>       we do not have total control of the network as a corporate
>       user would?
>    3. (snip)
> Any suggestions would be GREATLY appreciated 
> including other lists we might frequent.
> Thank you,
> Lucky Leavell

Hi Lucky,

Earlier today I read:


It might have an idea or two you can use 
because it seems to me that your first problem is 
how to educate your customers to aid you in solving the problem.

As one reviewer of the above article said:
Sooner or later it comes down to the Human Firewall guarding the network

Friendly greetings,



Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register

Netscape. Just the Net You Need.

New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here