Nmap Development mailing list archives
Microsoft Banned from Insecure.Org for Web abuse
From: Fyodor <fyodor () insecure org>
Date: Mon, 17 Apr 2006 16:15:44 -0700
Last Monday, some of you may have noticed Insecure.Org slowing to a crawl for a brief period. Meanwhile, my colocation bandwidth graph skyrocketed to massive-overage-charges-if-this-continues territory. My weblogs showed this sort of behavior:

207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:52 -0700] "GET /lists/security-basics/2006/Apr/0001.html HTTP/1.1" 200 20718 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:52 -0700] "GET /lists/security-basics/2006/Apr/0002.html HTTP/1.1" 200 17568 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:53 -0700] "GET /lists/security-basics/2006/Apr/0003.html HTTP/1.1" 200 18456 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:53 -0700] "GET /lists/security-basics/2006/Apr/0004.html HTTP/1.1" 200 26590 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:53 -0700] "GET /lists/security-basics/2006/Apr/0005.html HTTP/1.1" 200 21509 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:54 -0700] "GET /lists/security-basics/2006/Apr/0006.html HTTP/1.1" 200 19844 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:54 -0700] "GET /lists/security-basics/2006/Apr/0007.html HTTP/1.1" 200 13938 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:54 -0700] "GET /lists/security-basics/2006/Apr/0008.html HTTP/1.1" 200 23157 "-" "-"
207.46.89.12 (tide120.microsoft.com) - - [10/Apr/2006:02:24:54 -0700] "GET /lists/security-basics/2006/Apr/0009.html HTTP/1.

MS proceeded to make 3738 requests for security-basics articles in about 20 minutes. That is more than three requests each second. So I had no choice but to ban them. This was obviously an intentional DoS attack orchestrated from the highest levels in MS to take down Insecure.Org. Probably Steve Ballmer realized I wasn't within chair throwing distance and so he came up with this plan instead :).
Hehe, actually it is surely some employee who forgot that we don't all have as much bandwidth as Microsoft. So for now, I've banned the IP.

The good news in all this is that MS has apparently started to read security-basics. It is about time :). I'm tempted to unblock the IP to see if they come back for more intermediate and advanced material like Bugtraq next month :).

Cheers,
-F

PS: If there is a point to this email, it is simply this: Please don't run recursive wget or any other scraper against Insecure.Org. If you only need a small set of pages (less than a couple hundred), I guess that is OK. If you have a really good reason that you need thousands of pages, send me an email and I may be able to make a .tar.bz2 available for you. I'd be happy to send the whole mbox-format security-basics archives to Microsoft, for example.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
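An added example, not part of the original post: one way to find a client like the one in the log excerpt above is to count each address's requests in a sliding time window over the access log. The 10-second window, the 20-request threshold, the function names and the sample addresses and hostnames are assumptions made for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Log layout as in the post: IP (reverse DNS) - - [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \([^)]*\) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')

def parse(line):
    """Return (ip, timestamp, bytes) or None for a truncated/malformed line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, 0 if m["size"] == "-" else int(m["size"])

def find_heavy_clients(lines, window=timedelta(seconds=10), max_hits=20):
    """Map ip -> (peak hits inside any window, total bytes) for clients whose
    peak exceeds max_hits. Assumes each client's lines arrive in time order."""
    recent, peak, sent = defaultdict(deque), defaultdict(int), defaultdict(int)
    for rec in map(parse, lines):
        if rec is None:
            continue
        ip, ts, size = rec
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop hits that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        sent[ip] += size
    return {ip: (peak[ip], sent[ip]) for ip in peak if peak[ip] > max_hits}

def sample_log():
    """Constructed sample (documentation addresses, hypothetical hostnames)."""
    base = datetime(2006, 4, 10, 2, 24, 52, tzinfo=timezone(timedelta(hours=-7)))
    fmt = ('{ip} ({host}) - - [{ts:%d/%b/%Y:%H:%M:%S %z}] '
           '"GET /lists/security-basics/2006/Apr/{n:04d}.html HTTP/1.1" 200 {size} "-" "-"')
    lines = [fmt.format(ip="192.0.2.10", host="crawler.example.net", n=i + 1,
                        ts=base + timedelta(seconds=i // 3), size=20000)
             for i in range(60)]          # 3 requests per second for 20 s
    lines += [fmt.format(ip="198.51.100.7", host="reader.example.org", n=i + 1,
                         ts=base + timedelta(seconds=30 * i), size=18000)
              for i in range(3)]          # an ordinary reader
    lines.append(lines[0][:lines[0].index("HTTP/1.") + 7])  # cut-off line
    return lines

if __name__ == "__main__":
    for ip, (hits, size) in find_heavy_clients(sample_log()).items():
        print(f"{ip}: peak {hits} requests per 10 s, {size} bytes served")
```

Only the constructed crawler address is reported; the ordinary reader stays under the threshold and the cut-off line is skipped rather than miscounted.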