RE: Dos Attack

["biscut" <biscut biscut screaming net>]

>It seems that the MAC in question might have a dynamic IP setup - that
would >explain the differing IP addresses, as each time the perp logs on he
gets a new >address to pingstorm you from.

I might be wrong but I thought that most IP addresses have a certain time
span before they get reassigned to someone else, I thought that the time
period was 24 hours, i.e if someone logs onto their ISP and gets an IP
address thne logs off, they will keep the same IP address if they log on
again within 24 hours, if it is over 24 hours before they log on again then
another will be assigned, it is possible that the ISP might be able to go
through their logs to track what IP address is assigned to who at that
time...thats the way that an ISP that I used to work for worked anyway :-) I
was able to track someone that was attackng me from a BT.net account and
they caught them this way...you might be lucky...you will just have to prove
to the ISP what this person is doing...

regards
biscut


> You do need to take steps to protect yourself from this. Denial
> of Service
> attacks constitute felonies at least in the USA.
>
> > 1. How I can trace orginal Ip from above Mac.
>
> That I don't know. I don't know the relationship between a Mac
> address and an
> IP address.
>
> > 2. How I can stop DoS attack.
>
> Try to find the IP first. For instance, if the IP is 12.34.56.78
> (substitute
> real IP, of course) you can use a few tools to find out the
> domain the person
> is using.
>
> For instance, there's nslookup -- just type 'nslookup IP address',
> substituting the IP address you found in the first step. There will be
> different IPs, but they will probably be all in the same net
> block. nslookup
> should give you the domain that the IP is on.
>
> You can also use traceroute (/usr/sbin/traceroute) on that IP
> address to see
> who the address belongs to. Traceroute will trace how the packets
> are routed
> from your system/domain to the other system/domain, and all the
> domains in
> between. Usually, the person's domain will be towards the end of
> the output
> you get from traceroute.
>
> Once you have this information, send detailed information,
> including logs, if
> you have them, to the technical or administrative contacts for
> the domain in
> question. Usually, 'abuse domain' works; failing that, use
> 'postmaster domain', since 'postmaster' is a required account.
> The postmaster
> should be able to route your issue to the appropriate person.
> Also, you can
> use 'whois' to find out who the technical and/or administrative
> contacts are.
> Have them file a report with the local police, as well.
>
> --
> ------------------------------------------------------------------------
> David E. Fox                                    Thanks for letting me
> dfox belvdere vip best com                      change magnetic patterns
> David Fox icp siemens com                       on your hard disk.
> -----------------------------------------------------------------------
>
>
>
> _______________________________________________
> Redhat-install-list mailing list
> Redhat-install-list redhat com
> https://listman.redhat.com/mailman/listinfo/redhat-install-list