We are a small ISP suffering from repeated SYN Flood DoS/DDoS type attacks. After putting a bridging firewall in place and using a packet sniffer, we are certain the attacks are coming from within our own network with machine A attacking machine B, both of which are in the same subnet. If you cut off machine A, the attack merely resumes with machine C attacking machine D, etc. Attacks rarely last more than a few minutes at a time.
Question: Is there a recent virus/worm/trojan with a modus operandi anything like my description? (We are in the process of forcing all email coming into our subnets through amavis-new/clamav/spamassassin but aren't there yet.)

Any further ideas/suggestions?

Thank you,
Lucky Leavell

_______________________________________________
Clamav-users mailing list
https://lists.sourceforge.net/lists/listinfo/clamav-users