Re: What is this Very Stupid DOS Attack Script?

• Previous message: Martin McCormick: "Re: What is this Very Stupid DOS Attack Script?"
• In reply to: Willem Jan Withagen: "Re: What is this Very Stupid DOS Attack Script?"
• Next in thread: Jon Adams: "Re: What is this Very Stupid DOS Attack Script?"
• Reply: Jon Adams: "Re: What is this Very Stupid DOS Attack Script?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 6 Apr 2005 18:19:16 +0200 (CEST)
To: "Willem Jan Withagen" <wjw@withagen.nl>

On Mi, 6.04.2005, 17:57, Willem Jan Withagen sagte:
> I've build some swatch-rules that after two of these hits, I dump
> the host into ifpw-deny space.
>
Aye. I thought about writing a script, doing the same like yours, too.
Could you post this script somewhere, so that I could add some
functionality or just use it ?

On one hand, of course, it would make no sense to blog these attackers, as
they don't mind anyway wether they're blocked or not, on the other hand,
I'd like to see only two attempts, and not loads of pages, blowing up my
logfiles useless.

By the way, you do know, that if you block these attackers forever, you
may run into a self-made DOS attack, right ?
Imagine, you have 10 attacks per day (from 10 different IP addresses) and
you all block them, each day, for another 10 days. You already blocked 100
IP adresses then ;)
Well, perhaps your script releases the blocked IP adresses after an
specific amount of time... this would be a functionality I'd like to add
:)

So, I'd be glad if you could either upload the script on some webserver
and make it public, or if you could private mail it to me.

best regards,
Marian
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Martin McCormick: "Re: What is this Very Stupid DOS Attack Script?"
• In reply to: Willem Jan Withagen: "Re: What is this Very Stupid DOS Attack Script?"
• Next in thread: Jon Adams: "Re: What is this Very Stupid DOS Attack Script?"
• Reply: Jon Adams: "Re: What is this Very Stupid DOS Attack Script?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: New attack or old Vulnerability Scanner? ... the iis-kabom script and noted that it had 69 GET requests (many of which ... I also agree that the attackers have likely moved from scripted IIS-scan ... IBM Managed Security Services ... (Incidents) Re: Brute Force Detection + Advanced Firewall Policy ... I made modifications to the script to take care of it. ... I'm using IPFW1 to block out the attackers. ... Any BFD/AFP softwares available for FreeBSD 4.10? ... Im getting flooded with ssh and ftp attempts. ... (FreeBSD-Security) Re: Gathering Workstation IP Address ... Retreiving computer's IP adresses is easy using WMI. ... With this script you can retreive computer IP adresses, ... using these keys would have complicated the task for me. ... (microsoft.public.scripting.vbscript) Lock IP Adresses/Subnets from other Computer in Network ... Our subject is to lock subnets or ip adresses so they cant access the internet. ... It should be a small script that can be executed from any pc in the network. ... So basically the teacher can execute the tool to lock ip adresses or a whole subnet ... (microsoft.public.scripting.wsh) Re: Lock IP Adresses/Subnets from other Computer in Network ... When each PC has a Web Server, use a script to "STOP", or teach them how to ... > Our subject is to lock subnets or ip adresses so they cant access the ... > So basically the teacher can execute the tool to lock ip adresses or a ... (microsoft.public.scripting.wsh)