DDoS Attack
From: Steven Shepherd (steven_at_valueweb.com)
Date: 05/22/03
- Previous message: Muhammad Naseer Bhatti: "ICMP/SYN Flood"
- Next in thread: Sebastian Jaenicke: "Re: DDoS Attack"
- Reply: Sebastian Jaenicke: "Re: DDoS Attack"
- Reply: lists_at_khimich.com: "Re: DDoS Attack"
- Maybe reply: Whiteside, Larry [contractor]: "RE: DDoS Attack"
- Reply: Jonathan A. Zdziarski: "RE: DDoS Attack"
- Reply: Tim Greer: "Re: DDoS Attack"
- Reply: Angelz: "Re: DDoS Attack"
- Maybe reply: Justin Pryzby: "Re: DDoS Attack"
- Maybe reply: Andrew Anderson: "Re: DDoS Attack"
- Maybe reply: Justin Pryzby: "Re: DDoS Attack"
- Maybe reply: Justin Pryzby: "Re: DDoS Attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 22 May 2003 13:13:27 -0400 To: incidents@securityfocus.com
Our parent company is experiencing a very odd/severe DDoS attack coming
from all over the place. For the most part, the attack is occuring at
the Apache level. Log files show this request:
[Tue May 20 09:13:33 2003] [error] [client 194.xxx.xxx.xxx] request
failed: erroneous characters after protocol string: -nb GET
!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!-nb
GET
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@-nb
GET
!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!-nb
GET +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ +
+ATH0+ + +ATH0+ + +ATH0+ + +\x01TH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+
+ +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+
+ +ATH0+
Scans of some of the attacking IP's show BackOrifice installations.
Has anyone had this sort of attack and what would be the best way to
combat it? Not much luck from the upstream(s) thus far.
----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies
that are enforced to protect WLANs from known vulnerabilities and threats.
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.
To get your FREE white paper visit us at:
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------
- Previous message: Muhammad Naseer Bhatti: "ICMP/SYN Flood"
- Next in thread: Sebastian Jaenicke: "Re: DDoS Attack"
- Reply: Sebastian Jaenicke: "Re: DDoS Attack"
- Reply: lists_at_khimich.com: "Re: DDoS Attack"
- Maybe reply: Whiteside, Larry [contractor]: "RE: DDoS Attack"
- Reply: Jonathan A. Zdziarski: "RE: DDoS Attack"
- Reply: Tim Greer: "Re: DDoS Attack"
- Reply: Angelz: "Re: DDoS Attack"
- Maybe reply: Justin Pryzby: "Re: DDoS Attack"
- Maybe reply: Andrew Anderson: "Re: DDoS Attack"
- Maybe reply: Justin Pryzby: "Re: DDoS Attack"
- Maybe reply: Justin Pryzby: "Re: DDoS Attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
