Question about HTTP DDOS attacks.
From: eax@3xT.orgDate: 03/16/02
- Previous message: METE.EMINAGAOGLU@DIGITALPLATFORM.com: "RE: A new hack tool - tcp port 3139 ?"
- Next in thread: Hugo van der Kooij: "Re: Question about HTTP DDOS attacks."
- Reply: Hugo van der Kooij: "Re: Question about HTTP DDOS attacks."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Mar 2002 20:13:27 -0800 (PST) From: eax@3xT.org To: incidents@securityfocus.com
For the last couple days, one of our client's virtual-hosts on one of our webservers has been DDOSed with
tons of HTTP requests composed of:
GET / HTTP/1.1
Host: example.com
I wrote a quick script to firewall any client that makes this type of request, and already have about 3,000 unique ip addresses in my input filters. They're all window boxes from what I can tell. They coming in from lots of differnet networks.
Our client's website does not get very many hits per day -- and a few thousand zombies seems like an
awful lot to throw at a relatively unpopular/small website for a small, locally owned business.
Is an attack with a few thousand zombies considered commonplace nowdays?
Attached is a current list of attacking computers.
TIA
- TEXT/plain attachment: i.txt
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: METE.EMINAGAOGLU@DIGITALPLATFORM.com: "RE: A new hack tool - tcp port 3139 ?"
- Next in thread: Hugo van der Kooij: "Re: Question about HTTP DDOS attacks."
- Reply: Hugo van der Kooij: "Re: Question about HTTP DDOS attacks."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
