Security Incidents mailing list archives

RE: DOS ATTACK


From: Muhammad Faisal Rauf Danka <mfrd () attitudex com>
Date: Mon, 28 Oct 2002 19:30:06 -0800 (PST)

Blocking any single I.P address will not solve this problem, since the request is not made by the owner of those 
webpages, but their visitor's browser every time a visitor visits, eventually causing a Denial of Service for the person 
whose website is fetched uselessly on every visit.

First of all, inform the I.P owners and the webhosting company, if any is used, about the scenario.

Secondly, if any JPG, or GIF or any (rename-able) resource is fetched from your friend's server every time, then your 
friend can change its name and fix the links in his HTML. The misuser will have to keep updating his pages, but you'll 
be the one in lead.

Also, if it is your index page being fetched, you could place a plain index.html page with a little bit of JavaScript 
or maybe lesser time refresh tags to redirect to the subsiding link, say index1.html; again you'd be the one in lead 
with the misuser every time he also changes the links.

You could try JavaScript popups for some time to see if they appear on the misuser's webpage too. If yes, then send the 
message across to his visitors that he is using such techniques to cause harm.

Eventually the mis-user will either give up or be brought down by his I.P owners/Webhosting company.  

Best of Luck.

Regards
--------
Muhammad Faisal Rauf Danka

Head of GemSEC / Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
Key Id: 0x784B0202
Key Fingerprint: 6F8C EDCF 6C6E 06A5 48D7 6A20 C592 484B 
784B 0202


--- David Vincent <david.vincent () mightyoaks com> wrote:
add a firewall (such as the wonderful kerio personal firewall -
http://www.kerio.com) and block that IP from accessing the machine.

you might have to do some digging at http://www.samspade.org to figure out
what IP blocks the big guy owns and therefore might be sources of the
attack.

-d



-----Original Message-----
From: Hunt, Jim [mailto:Jim.Hunt () nwsc k12 in us]
Sent: October 27, 2002 8:59 PM
To: Incidents () securityfocus com
Subject: DOS ATTACK


I have a friend that has a DOS Attack going on against their website.  It is
being done by someone with a very popular website trying to squash a little
guy.  He is doing it by placing 1 pixel by 1 pixel inline frames in his
webpages and having them load my friend's webpage.  It is killing his server
and bandwidth.

What can we do to block?  The Server is W2K with IIS.

Thanks!

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
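
Added example, not part of the original thread: because the requests described above come from visitors' browsers, the client IPs in the victim's IIS log are scattered while the Referer column points at one embedding site. This Python sketch tallies off-site referrers from a W3C extended log; the hostnames and log lines are constructed, and it assumes the `cs(Referer)` and `sc-bytes` fields are enabled in the site's logging properties.

```python
from collections import defaultdict
from urllib.parse import urlsplit

OWN_HOST = "www.smallsite.example"  # assumption: the victim site's hostname

# Constructed sample in IIS W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-bytes cs(Referer)
2002-10-27 20:01:02 192.0.2.10 GET /index.html 200 48211 http://www.bigsite.example/news.html
2002-10-27 20:01:02 198.51.100.7 GET /index.html 200 48211 http://www.bigsite.example/forum/
2002-10-27 20:01:03 203.0.113.44 GET /index.html 200 48211 http://www.bigsite.example/
2002-10-27 20:01:03 192.0.2.77 GET /logo.gif 200 9120 http://www.smallsite.example/index.html
2002-10-27 20:01:04 198.51.100.23 GET /index.html 200 48211 http://www.bigsite.example/news.html
2002-10-27 20:01:05 203.0.113.9 GET /index.html 200 48211 -
"""

def offsite_referrers(log_text, own_host):
    """Return {referrer_host: {"hits", "bytes", "clients"}} for off-site referrers."""
    fields = []
    stats = defaultdict(lambda: {"hits": 0, "bytes": 0, "clients": set()})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared in the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        ref = row.get("cs(Referer)", "-")
        host = (urlsplit(ref).hostname or "") if ref != "-" else ""
        if not host or host == own_host.lower():
            continue  # direct visit, or a request made by the site's own pages
        entry = stats[host]
        entry["hits"] += 1
        sc = row.get("sc-bytes", "0")
        entry["bytes"] += int(sc) if sc.isdigit() else 0
        entry["clients"].add(row.get("c-ip"))
    return dict(stats)

def report(stats):
    """Rows of (host, hits, bytes, distinct client IPs), heaviest first."""
    rows = [(h, s["hits"], s["bytes"], len(s["clients"])) for h, s in stats.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for host, hits, nbytes, clients in report(offsite_referrers(SAMPLE_LOG, OWN_HOST)):
        print(f"{host}: {hits} hits, {nbytes} bytes, {clients} distinct client IPs")
```

A referrer host with many hits spread over many distinct client IPs is the pattern the reply describes, and the per-host byte totals give concrete figures to hand to the embedding site's hosting company.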
