DOS attack over the weekend

To: debian-isp@lists.debian.org
Subject: DOS attack over the weekend
From: Jacob S <stormspotter@6Texans.net>
Date: Tue, 31 May 2005 09:09:41 -0500
Message-id: <[🔎] 20050531090941.3c5d0b73@jacob.6texans.net>

Hello list,

Over the weekend, the T1 at work was DOSed by an ip that appears to
belong to a University in Germany. Since it was coming from a university
and not an isp, I was hoping I would be more likely to get some action
done about it, instead of being ignored. 

But I have a couple of questions before I work on reporting it. Has
anyone had good success getting this kind of problem dealt with by a
university before? What are the chances the IP was spoofed that was
DOS'ing us, for the purpose of using our server(s) as part of a DDOS
against the university? 

Does anyone know of a good tool that would warn us about possible DOS
attacks? I know we can't stop the DOS from our side, but at least it
would give us a head start on our troubleshooting. Our ISP tells us they
were flooding us with approximately 10,000 udp packets/second - causing
25 - 50% packet loss when I would try to ping our servers from the
outside.

I would ask if anyone has any good contacts at this university, except
I'm leaving their name unmentioned for now. 

TIA,
Jacob

Reply to:

Follow-Ups:
- Re: DOS attack over the weekend
  - From: Andreas Schoenberg <asg@pce.de>
- Re: DOS attack over the weekend
  - From: Jacob S <stormspotter@6Texans.net>

Prev by Date: Re: Apache 2.x remote logging
Next by Date: Re: Apache 2.x remote logging
Previous by thread: Re: Apache 2.x remote logging
Next by thread: Re: DOS attack over the weekend
Index(es):
- Date
- Thread