Possible DoS attack?
Derek Martin
derek at cerberus.ne.mediaone.net
Mon Aug 28 15:02:54 EDT 2000
Today, John Abreau gleaned this insight:
>
> In the meantime, we got a report from someone that the system is pounding
> their network on port 113, at roughly 50-60 request per minute. The
> excerpt from their logs looks like thes (ip addresses obscured):
>
> Aug 25 08:00:14 avgo-br2 avgo-br2, list 101 denied tcp
> xxx.xxx.xxx.xxx(13361)(Ethernet v2 0050.2ac2.14a0) -> yyy.yyy.yyy.yyy(113), 1 packets
>
Port 113 is the identd service, which allows tcp connections from clients
(which are usually themselves servers of some service) to identify the
originator of a request. This sounds to me like it could be consistent
with a DoS attack.
To echo a sentiment of my esteemed colleague, "Why can't everyone just be
nice?!?!"
--Paul Lussier
--
You know that everytime I try to go where I really want to be,
It's already where I am, cuz I'm already there...
---------------------------------------------------------------
Derek D. Martin | Unix/Linux Geek
ddm at MissionCriticalLinux.com | derek at cerberus.ne.mediaone.net
---------------------------------------------------------------
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
More information about the Discuss
mailing list