DOS SYN attack on a large network
Teddy
teddy-5sHjOODPK7E at public.gmane.org
Tue Aug 12 12:35:26 UTC 2008
We have a few hundred Linux boxes.
We do not have root access to these client boxes.
(So I cannot secure or "fix them up".)
Once in a while, we get a DOS or SYN or some other type of
attack on our network, that can down the entire network.
We have our switches configured correctly. (reverifying again)
One thing I do notice, of course, is that the offending box starts making
a tremendous amount of bandwidth (100Mbits/sec).
I would like to monitor this, perhaps like:
1. If traffic on switch >=30 Mbits for 600 seconds then fire off an email
2. Log in to the network to fix it (hopefully before network gets saturated)
I have cacti/ntop/nagios and other tools.
What tool would be best suited for this?
Is there a better way than just waiting for a DOS SYN attack to occur?
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
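
The rule in item 1 of the post (30 Mbit/s or more, sustained for 600 seconds), sketched as an added example that is not part of the original message. It assumes a switch port's 32-bit octet counter (such as SNMP ifInOctets) is polled every 60 seconds; the function names and the sample polls are constructed for illustration.

```python
# Added example: sustained-threshold check over one port's octet counter.
# Poll interval, function names and sample data are assumptions/constructed.
COUNTER_MAX = 2**32  # a 32-bit octet counter wraps back to zero

def rates_mbps(samples):
    """Turn (unix_time, octet_counter) polls into (unix_time, Mbit/s) pairs."""
    out = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        delta = (c1 - c0) % COUNTER_MAX  # corrects for a single counter wrap
        out.append((t1, delta * 8 / (t1 - t0) / 1e6))
    return out

def sustained_alerts(samples, threshold_mbps=30.0, hold_s=600):
    """Return poll times at which the rate has stayed >= threshold for hold_s.

    Fires once per episode; one poll below the threshold resets the timer.
    """
    alerts, start, fired = [], None, False
    for (t0, _), (t1, rate) in zip(samples, rates_mbps(samples)):
        if rate >= threshold_mbps:
            if start is None:
                start = t0  # the busy interval began at the previous poll
            if not fired and t1 - start >= hold_s:
                alerts.append(t1)  # caller sends the e-mail here
                fired = True
        else:
            start, fired = None, False
    return alerts

def make_polls(mbps_per_interval, step=60, counter=4_000_000_000):
    """Constructed input: build wrapping counter polls from known rates."""
    polls, t = [(0, counter)], 0
    for mbps in mbps_per_interval:
        t += step
        counter = (counter + int(mbps * 1e6 / 8 * step)) % COUNTER_MAX
        polls.append((t, counter))
    return polls

if __name__ == "__main__":
    # 3 quiet polls, 12 minutes at 100 Mbit/s, a pause, then a 5-minute burst
    polls = make_polls([2] * 3 + [100] * 12 + [2] * 2 + [100] * 5)
    for when in sustained_alerts(polls):
        print(f"ALERT at t={when}s: >=30 Mbit/s sustained for 600 s")
```

At 100 Mbit/s a 32-bit octet counter wraps in under six minutes, so the poll interval has to be shorter than that for the wrap correction to hold.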