RE: DOS ATTACK

["Jonathan A. Zdziarski" <jonathan () networkdweebs com>]

If he's got it up on his website in a ton of 1-pixel frames, chances are
all his [the attacker] web visitors are loading several copies of the
victim's page.  The only real way to filter that would be by filtering
based on HTTP_REFERRER.  Unless I'm mistaken I don't believe Apache yet
has a mechanism to enforce mandatory delays between the same page being
loaded from the same IP.



-----Original Message-----
From: james [mailto:jamesh () cybermesa com] 
Sent: Monday, October 28, 2002 6:31 PM
To: Hunt, Jim
Cc: incidents () securityfocus com
Subject: Re: DOS ATTACK


Sounds like this attack is coming from a specific IP. Blocking that IP
on a router would be one obvious answer.

james
----- Original Message -----
From: "Hunt, Jim" <Jim.Hunt () nwsc k12 in us>
To: <Incidents () securityfocus com>
Sent: Sunday, October 27, 2002 9:59 PM
Subject: DOS ATTACK


> I have a friend that has a DOS Attack going on against their website.

> It
is being done by someone with a very popular website trying to squash a
little guy.  He is doing it be placing 1 pixel by 1 pixel inline frames
in his webpages and having them load my friends webpage.  It is killing
his server and bandwidth.
> What can we do to block?  The Server is W2K with IIS.
>
> Thanks!


------------------------------------------------------------------------
----
This list is provided by the SecurityFocus ARIS analyzer service. For
more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com