[c-nsp] ISP Attack Discovery
sherif mostafa
sherifmka2004 at hotmail.com
Wed Apr 7 11:49:21 EDT 2010
I'm working @ ISP and with our monitoring tools I sometimes find a large no. of packet/secs which is most probably because of attack, scenario is that I've large subnet for my ISP segmented into smaller subnets that are advertised to three international providers, Question is:
How could I isolate the subnet which has the attack source IP ?
How could I know the source IP of the attacker directly ?
How to detect the attacker if the attack is from outside my ISP to an internal IP ?
How could I investigate this issue ?
If anyone has experience in how to prevent or detect attacks and drop that traffic please share knowledge with me..
Thx.
_________________________________________________________________
The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail.
http://www.windowslive.com/campaign/thenewbusy?tile=multiaccount&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4
More information about the cisco-nsp
mailing list