Date:      Mon, 24 May 1999 21:24:16 -0700 (PDT)
From:      "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
To:        brett@lariat.org (Brett Glass)
Cc:        phk@critter.freebsd.dk (Poul-Henning Kamp), 026809r@dragon.acadiau.ca (Michael Richards), freebsd-security@FreeBSD.ORG
Subject:   Re: Denial of service attack from "imagelock.com"
Message-ID:  <199905250424.VAA08832@gndrsh.aac.dev.com>
In-Reply-To: <4.2.0.37.19990524100208.04727460@localhost> from Brett Glass at "May 24, 1999 10:03:38 am"

> I like this idea. BUT.... You'll still get their SYNs and use up kernel
> memory. (Only the OUTBOUND packets will disappear into a black hole.)
> memory for awhile. Any way to filter the incoming ones without installing 
> a full-up firewall?

Yea, but they aren't going to crawl very far around your website when
it looks like you're not responding.  Also it should consume their resources
at least a little bit, and I LIKE THAT IDEA!!!    Hummm... let's see.. how
can I consume more of their resources and less of mine.... ahhh. got it...

ipdivert 209.133.111.0/24 www.imagelock.com.

    Yea, that outa confuse the snot out of them....... and if they change
IP's it'll still get em :-)

> --Brett
> 
> At 08:39 AM 5/24/99 +0200, Poul-Henning Kamp wrote:
> >In message <Pine.GSO.4.05.9905240157240.20631-100000@dragon>, Michael Richards 
> >writes:
> > >On Sun, 23 May 1999, Brett Glass wrote:
> > >
> > >> The Webmasters on this list may want to look over their logs to see
> > >> if they've been hit and not known it. grep your logs for imagelock.com;
> > >> if you find that they're abusing your server, you may want to firewall 
> > >I noticed we were hit by them this evening. 1250 requests in a few
> > >minutes. Since we're not running a firewall, is there a recommended method
> > >of filtering such people out? I think I did it with apache, but I'm
> > >wondering if there is a better method.
> >
> >Add a blackhole route to them:
> >
> >         route add -net <IP> -netmask <MASK> 127.0.0.1 -blackhole
> >
> >--
> >Poul-Henning Kamp             FreeBSD coreteam member
> >phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
> >FreeBSD -- It will take a long time before progress goes too far!
> >
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-security" in the body of the message
> 


-- 
Rod Grimes - KD7CAX - (RWG25)                   rgrimes@gndrsh.aac.dev.com
Accurate Automation, Inc.                   Reliable computers for FreeBSD
http://www.aai.dnsmgr.com
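
Added example (not part of the original message or the thread): one way to do the log check Brett Glass suggests and print the blackhole route Poul-Henning Kamp gives for each noisy network. It assumes the access log is in Common Log Format with client IP addresses; the function names, the threshold, and the sample log lines (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Common Log Format prefix: client, ident, user, [timestamp], then the request.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "')

def noisy_networks(lines, threshold, prefix=24):
    """Count requests per IPv4 /prefix network; return those at or above threshold."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # malformed line
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # logged hostname or IPv6 client: not handled in this sketch
        hits[ipaddress.ip_network(f"{addr}/{prefix}", strict=False)] += 1
    return {net: n for net, n in hits.items() if n >= threshold}

def blackhole_commands(networks):
    """Render the route command quoted in the thread, one per network."""
    return [
        f"route add -net {net.network_address} -netmask {net.netmask} 127.0.0.1 -blackhole"
        for net in sorted(networks)
    ]

def sample_log():
    """Constructed sample: a 1250-request burst from one /24 plus ordinary traffic."""
    ts = "23/May/1999:20:15:00 -0700"
    burst = [
        f'198.51.100.{i % 5 + 1} - - [{ts}] "GET /img/{i}.gif HTTP/1.0" 200 512'
        for i in range(1250)
    ]
    normal = [
        f'203.0.113.{i + 1} - - [{ts}] "GET /index.html HTTP/1.0" 200 2048'
        for i in range(20)
    ]
    other = [f'client.example.net - - [{ts}] "GET / HTTP/1.0" 200 2048', "not a log line"]
    return burst + normal + other

if __name__ == "__main__":
    # Commands are only printed, so they can be reviewed before being run as root.
    for cmd in blackhole_commands(noisy_networks(sample_log(), threshold=1000)):
        print(cmd)
```

As noted in the quoted text above, a blackhole route only discards the outbound replies; the incoming SYNs still reach the host.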
