[funsec] DoS help

RandallM randallm at fidmail.com
Mon Nov 8 17:05:42 CST 2010

sorry for interrupting the fun in funsec,

I work for a small promotional products company that today experienced
DoS. Most of you here are above me in understanding such so i will
spare you the whole story and am asking for advice to present to my
CIO on what measures can be taken to prevent another day where it cost
us $$$!

Once I found the "UDP Echo request" pounding us and contacted ATT/SBC
explaining to them how rebooting the router opened the internet for a
few minutes until these same request started pounding again all they
could tell me was to "email to them" a request to block.

Well...the Echo request hit again our IP block address using another
IP (both from FR.), the first hits were morning, second wer about two
hours of it in the afternoon (I've never experienced where it hit the
whole damn thing X.X.X.255)

My CIO wants to know what can be done so they can report this to the CEO.

At the moment we have two Radware boxes capable of controling our DNS
and taking two internet ISP (att or whomever we choose). In theory
would switching our ip blocks from one ISP to the other control such?
Or would it just also follow?

been great, thanks
a.k.a System

More information about the funsec mailing list