Hi Dana. Thankyou for your comments and the link to your white paper. When I have time I shall read up on it and reply to you off this list. Kind Regards - Keith Roberts http://www.karsites.net/ On Sun, 14 Nov 2004, Dana Hudes wrote:

To: suse@karsites.net From: Dana Hudes <dhudes@tcp-ip.info> Subject: Re: [suse-security] Detection of DoS Attacks on Webserver

On Sunday 14 November 2004 16:41, suse@karsites.net wrote:

...

...

...

Your idea seems very handy for doing forensic analysis, after a HTTP-DoS/DDoS attack.

actually one can nip such in the bud and tell others.

did not realise the method Markus was using was almost in real time.

I have no idea about Markus. See *my* presentationand research from a year ago at http://www.networkengineer.biz/ExecutiveADS/index.htm