Date: Mon, 24 May 1999 21:24:16 -0700 (PDT) From: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com> To: brett@lariat.org (Brett Glass) Cc: phk@critter.freebsd.dk (Poul-Henning Kamp), 026809r@dragon.acadiau.ca (Michael Richards), freebsd-security@FreeBSD.ORG Subject: Re: Denial of service attack from "imagelock.com" Message-ID: <199905250424.VAA08832@gndrsh.aac.dev.com> In-Reply-To: <4.2.0.37.19990524100208.04727460@localhost> from Brett Glass at "May 24, 1999 10:03:38 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> I like this idea. BUT.... You'll still get their SYNs and use up kernel > memory. (Only the OUTBOUND packets will disappear into a black hole.) > memory for awhile. Any way to filter the incoming ones without installing > a full-up firewall? Yea, but they aren't going to crawl very far around your website when it looks like your not responding. Also it should consume thier resources at least a little bit, and I LIKE THAT IDEA!!! Hummm... lets see.. how can I consume more of thier resources and less of mine.... ahhh. got it... ipdivert 209.133.111.0/24 www.imagelock.com. Yea, that outa confuse the snot out of them....... and if they change IP's it'll still get em :-) > --Brett > > At 08:39 AM 5/24/99 +0200, Poul-Henning Kamp wrote: > >In message <Pine.GSO.4.05.9905240157240.20631-100000@dragon>, Michael Richards > >writes: > > >On Sun, 23 May 1999, Brett Glass wrote: > > > > > >> The Webmasters on this list may want to look over their logs to see > > >> if they've been hit and not known it. grep your logs for imagelock.com; > > >> if you find that they're abusing your server, you may want to firewall > > >I noticed we were hit by them this evening. 1250 requests in a few > > >minutes. Since we're not running a firewall, is there a recommended method > > >of filtering such people out? I think I did it with apache, but I'm > > >wondering if there is a better method. > > > >Add a blackhole route to them: > > > > route add -net <IP> -netmask <MASK> 127.0.0.1 -blackhole > > > >-- > >Poul-Henning Kamp FreeBSD coreteam member > >phk@FreeBSD.ORG "Real hackers run -current on their laptop." > >FreeBSD -- It will take a long time before progress goes too far! > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.aac.dev.com Accurate Automation, Inc. Reliable computers for FreeBSD http://www.aai.dnsmgr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905250424.VAA08832>