Date: Mon, 24 May 1999 00:22:57 +0400 From: Dmitriy Bokiy <ratebor@cityline.ru> To: Brett Glass <brett@lariat.org> Cc: security@FreeBSD.ORG Subject: Re: Denial of service attack from "imagelock.com" Message-ID: <715.990524@cityline.ru> In-Reply-To: <4.2.0.37.19990522105949.0465d4a0@localhost> References: <4.2.0.37.19990522105949.0465d4a0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday, May 22, 1999, 21:05:28 Brett Glass wrote: > This morning, someone at the domain "imagelock.com" apparently launched a > denial of service attack against a Web server I administer. The abuser was > repeatedly downloading large image files simultaneously. While the log > entries say that the user agent was "Mozilla > /3.01C-PBWF", this was clearly spoofed; no Netscape user could possibly > browse that fast. > Because that server has a limited amount of Internet bandwidth, and because > it also handles several dial-up connections and Web sites, many people were > being severely impacted by this abuse. When we attempted to trace the > attack to the source, we noted that the abuser was attempting to prevent > the determination of his or her address by enabling reverse but not forward > name resolution. We locked them out of the Web server, but not before they > brought several e-commerce Web sites to a crawl. They probably used an off-line browser(or several of them). This stuff CAN do simultaneous downloading of web pages, images or whatever and is rather configurable. It can be configured to identify itself as MSIE, Netscape, anonymous or you choose. There are also parameters like maximum number of simultaneous threads (usual default is 10)and so-called Netiquette options(obey or not Robot Exclusion Standard, delay between threads etc.). > Who are these people? So my theory is they are who they honestly said they are. Just breaking some Netiquette rules and must be inspired(or forced)not do that anymore. --Dmitriy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?715.990524>