Interesting People mailing list archives
IP: re NIPC DDOS Warning
From: David Farber <dave () farber net>
Date: Tue, 18 Sep 2001 12:47:10 -0400
Date: Tue, 18 Sep 2001 10:41:28 -0600
From: Sean Reifschneider <jafo () tummy com>
To: David Farber <dave () farber net>
Cc: Robert Cannon <rcannon100 () yahoo com>, efm () tummy com
Subject: Re: IP: NIPC DDOS Warning
User-Agent: Mutt/1.2.5i

>We may be under a DDOS. You may wish to post this:

It's actually something similar to the Code Red worm. This one however seems to make an average of around 10 HTTP connections per attack attempt compared to Code Red's one HTTP connection, which right away means that it's likely to be an order of magnitude worse than the original Code Red.

It uses an attack profile very similar, most attacks come from network addresses that are at least somewhat similar to your address. So, it may be a straight variant, but I don't have information to prove it one way or another.

So, it's kind of a DDoS in that it is pounding the net pretty hard, but it's also a worm. It's actually pounding *EVERYONE* pretty hard, whereas a traditional DDoS would be hitting one or a few places.

http://slashdot.org/ has some coverage of it so far.

From looking at our logs, it *JUST STARTED* at around 7am. No gradual ramp-up, our line just started getting pounded by about a 35KB/sec load, and it's currently up to around 60KB/sec.

Sean
--
"If all you have is a hammer, every problem tends to look like a nail."
Sean Reifschneider, Inimitably Superfluous <jafo () tummy com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python

For archives see: http://www.interesting-people.org/