DDoS Attack

From: Steven Shepherd (steven_at_valueweb.com)
Date: 05/22/03

  • Next message: Dave Booth: "Re: A question for the list..."
    Date: Thu, 22 May 2003 13:13:27 -0400
    To: incidents@securityfocus.com
    
    

    Our parent company is experiencing a very odd/severe DDoS attack coming
    from all over the place. For the most part, the attack is occuring at
    the Apache level. Log files show this request:

    [Tue May 20 09:13:33 2003] [error] [client 194.xxx.xxx.xxx] request
    failed: erroneous characters after protocol string: -nb GET
    !@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!-nb
    GET
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@-nb
    GET
    !@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!-nb
    GET +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ +
    +ATH0+ + +ATH0+ + +ATH0+ + +\x01TH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+
    + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+
    + +ATH0+

    Scans of some of the attacking IP's show BackOrifice installations.

    Has anyone had this sort of attack and what would be the best way to
    combat it? Not much luck from the upstream(s) thus far.

    ----------------------------------------------------------------------------
    *** Wireless LAN Policies for Security & Management - NEW White Paper ***
    Just like wired networks, wireless LANs require network security policies
    that are enforced to protect WLANs from known vulnerabilities and threats.
    Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

    To get your FREE white paper visit us at:
    http://www.securityfocus.com/AirDefense-incidents
    ----------------------------------------------------------------------------


  • Next message: Dave Booth: "Re: A question for the list..."

    Relevant Pages

    • Re: [ANNOUNCE] protocol watcher
      ... attack, which is known to be a SYN attack! ... wireless LANs require network security policies ... > that are enforced to protect WLANs from known vulnerabilities and threats. ... implement and enforce WLAN security policies to lockdown enterprise WLANs. ...
      (Incidents)
    • Re: DDoS Attack
      ... Subject: DDoS Attack ... wireless LANs require network security policies ... > that are enforced to protect WLANs from known vulnerabilities and threats. ... implement and enforce WLAN security policies to lockdown enterprise WLANs. ...
      (Incidents)
    • RE: DDoS Attack
      ... Subject: DDoS Attack ... wireless LANs require network security policies ... implement and enforce WLAN security policies to lockdown enterprise WLANs. ...
      (Incidents)
    • Re: ICMP/SYN Flood
      ... for each network that you mention - you also appear to reference ... > I am experiencing a bad DDoS attack toward one of my server. ... implement and enforce WLAN security policies to lockdown enterprise WLANs. ...
      (Incidents)
    • Re: DDoS Attack
      ... SS> Has anyone had this sort of attack and what would be the best way to ... implement and enforce WLAN security policies to lockdown enterprise WLANs. ...
      (Incidents)