Security Incidents mailing list archives
RE: DOS ATTACK
From: Muhammad Faisal Rauf Danka <mfrd () attitudex com>
Date: Mon, 28 Oct 2002 19:30:06 -0800 (PST)
Blocking any single I.P address will not solve this problem, since the request is not made by the owner of those webpages, but their visitor's browser everytime a visitor visits, evnetually causing a Denial of Service for the person whose website is fetched uselessly on every visit. First of all you inform the I.P owners and webhosting company if any used about the scenario. Secondly, if any JPG, or GIF or any (rename-able) resource is fetched from your friend's server everytime, then your friend can change it's name and fix the links in his html, The misuser will have to keep updating his pages, but you'll be the on in lead. Also if it is your index page being fetched, you could place a plain index.html page with little bit of java scripting or maybe lesser time refresh tags to redirect to the subsiding link, say index1.html, again you'd be the one in lead with the misuser everytime he also changes the links. You could try Java Script popups for sometime to see if they appear on the misuer's webpage too, If yes then send the message across to his visitors that he is using such techniques to cause harm. Eventually the mis-user will either give up or brought down by his I.P owners/Webhosting company. Best of Luck. Regards -------- Muhammad Faisal Rauf Danka Head of GemSEC / Chief Technology Officer Gem Internet Services (Pvt) Ltd. web: www.gem.net.pk Key Id: 0x784B0202 Key Fingerprint: 6F8C EDCF 6C6E 06A5 48D7 6A20 C592 484B 784B 0202 --- David Vincent <david.vincent () mightyoaks com> wrote:
add a firewall (such as the wonderful kerio personal firewall - http://www.kerio.com) and block that IP from accessing the machine. you might have to do some digging at http://www.samspade.org to figure out what IP blocks the big guy owns and therefore might be sources of the attack. -d -----Original Message----- From: Hunt, Jim [mailto:Jim.Hunt () nwsc k12 in us] Sent: October 27, 2002 8:59 PM To: Incidents () securityfocus com Subject: DOS ATTACK I have a friend that has a DOS Attack going on against their website. It is being done by someone with a very popular website trying to squash a little guy. He is doing it be placing 1 pixel by 1 pixel inline frames in his webpages and having them load my friends webpage. It is killing his server and bandwidth. What can we do to block? The Server is W2K with IIS. Thanks! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
_____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _____________________________________________________________ Select your own custom email address for FREE! Get you () yourchoice com w/No Ads, 6MB, POP & more! http://www.everyone.net/selectmail?campaign=tag ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: DOS ATTACK, (continued)
- RE: DOS ATTACK Jonathan A. Zdziarski (Oct 29)
- Re: DOS ATTACK Micheal Patterson (Oct 29)
- Re: DOS ATTACK Gary Flynn (Oct 30)
- Re: DOS ATTACK Kurt Seifried (Oct 31)
- Re: DOS ATTACK Jay D. Dyson (Oct 31)
- Re: DOS ATTACK Gary Flynn (Oct 31)
- Re: DOS ATTACK Gary Flynn (Oct 30)
- Re: DOS ATTACK Richard Archer (Oct 29)
- RE: DOS ATTACK David Vincent (Oct 28)
- RE: DOS ATTACK McCammon, Keith (Oct 28)
- RE: DOS ATTACK Rob Keown (Oct 28)
- RE: DOS ATTACK Muhammad Faisal Rauf Danka (Oct 28)
- RE: DOS ATTACK Black, Braden (Oct 29)
- Re: DOS ATTACK james (Oct 30)
- RE: DOS ATTACK McCammon, Keith (Oct 31)