Full Disclosure mailing list archives
RE: Attack profiling tool?
From: "Gareth Blades" <list.fulldisclosure () webscreen-technology com>
Date: Fri, 11 Jul 2003 09:38:13 +0100
Our product detected the attack as a 'connectio flood' which is basically where you open up lots of connections to a server and leave them idle. This causes the server to have lots of open connections so that it reaches its maximum connection limit and therefore nobody else can access the site resulting in denial of service. A common tool for this is called naptha but what we are seeing is not consistant with this tool because as soon as the connection limit is reached all the connections are then closed. Naptha would keep them all open and regularly keep trying to open new ones. Our product monitors the connections to the site and when it begins to reach its limit denies new connections from clients which have more connections open than they should/normally would.
-----Original Message----- From: daniel_clemens () birmingham-infragard org [mailto:daniel_clemens () birmingham-infragard org]On Behalf Of daniel uriah clemens Sent: Thursday, July 10, 2003 12:47 To: Gareth Blades Cc: Fulldisclosure Subject: Re: [Full-disclosure] Attack profiling tool?I have seen this a number of times from various IP addresses and it is always exactly the same. Our product which detected thisprevents againstthese types of attacks anyway so it is not a problem but I waswondering ifit is a particular attack tool going round the Internetprofiling differentsites to see how many connections they support.Out of curiosity to possibly reclarify your definition of an attack... What type of attacks do these more than 3 connections fall into? -Daniel Uriah Clemens Esse quam videra (to be, rather than to appear) http://www.birmingham-infragard.org | 2053284200 fingerprint: EDF0 6566 2A4A 220E 5760 EA1F 0424 6DF6 F662 F5BD
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Attack profiling tool? Gareth Blades (Jul 10)
- Re: Attack profiling tool? morning_wood (Jul 10)
- Re: Attack profiling tool? daniel uriah clemens (Jul 10)
- RE: Attack profiling tool? Gareth Blades (Jul 11)
- <Possible follow-ups>
- RE: Attack profiling tool? Gareth Blades (Jul 11)
- RE: Attack profiling tool? Gareth Blades (Jul 11)
- RE: RE: Attack profiling tool? Gareth Blades (Jul 11)
- RE: RE: Attack profiling tool? Ron DuFresne (Jul 11)
- RE: RE: Attack profiling tool? Gareth Blades (Jul 11)
- RE: RE: Attack profiling tool? Ron DuFresne (Jul 11)
- RE: RE: Attack profiling tool? Gareth Blades (Jul 11)
- RE: RE: Attack profiling tool? Ron DuFresne (Jul 11)
- RE: RE: Attack profiling tool? Gareth Blades (Jul 11)