Go straight to page content
JANET CSIRT
ja.net
the UK's education and research network
                  JANET CSIRT front page Reporting abuse E-mail including "spam" Scanning Denial of Service Security advice Very basic measures Security in detail Building safe networks Policies Legislation and regulation The threats to networks Viruses and worms Deliberate attacks Users of the network E-mail abuse About JANET CSIRT External relationships Training and courses Reports and statistics About JANET Contact JANET CSIRT

JANET CSIRT webmaster:
webmaster@csirt.ja.net
JANET(UK) privacy policy
Google Analytics notice
© The JNT Association 2007

How to report Denial of Service attacks

Typical Denial of Service abuse (DoS) involves a very large number of connections or packets being directed to the target computer, either from a single source IP address or (Distributed Denial of Service, DDoS) from a number of addresses, possibly a large number and probably in several different networks. Sometimes the effect is to stop the data network working or make it so slow as to interfere with its normal use; sometimes the target is a single machine which also may cease to work or run very slowly. If the target is a single service such as a Web, DNS or e-mail server, it may be swamped by very many otherwise normal and legitimate requests for information.

Abuse from JANET addresses or domains

See the general guidance Reporting abuse originating from JANET for notes on which domains and IP addresses are part of JANET.

What to include in your report

In a Denial of Service it can be difficult to obtain complete information. Please include as much as possible of the following:

If it is available, a good sample of log information is all that is needed.

To get your report to JANET CSIRT see the general guidance Reporting abuse originating from JANET, which also explains how we will respond.

Abuse of JANET from outside

If you belong to a JANET organization and you believe your network has suffered Denial of Service abuse, please note the advice in Reporting abuse if you are a JANET user. Normally users should refer first to their local IT support or network staff.

The information required is the same as that described above where the abuse may have originated within JANET, but it is not always easy to decide where to send the report.