http://www.darkreading.com/document.asp?doc_id=149497 By Kelly Jackson Higgins Senior Editor Dark Reading MARCH 28, 2008 Security watchdog site CastleCops is currently under yet another distributed denial-of-service (DDOS) attack. The anti-spam, anti-malware site manned by volunteers has been under siege from waves of botnet traffic since Wednesday. CastleCops is no stranger to DDOS attacks -- it gets hit regularly, with its most recent attack back in August -- but this one took a different spin on an old trick. "Typically, attacks involve some sort of HTTP GET, but this one seems to include a POST instead," says Paul Laudanski, founder and administrator for the CastleCops site, who says he first detected the attack on Wednesday morning after noticing some performance problems with the site. He initially witnessed a rise in the server load and a pattern in the server logs that indicated a DDOS, he says. The attack hasn.t taken down the site, but is causing occasional connectivity problems for visitors. "It appears we.ve attracted some fresh bots, too," Laudanski says. "Apache has been saturated a few times already, necessitating manual httpd restarts, while ensuring bots are filtered," he says. CastleCops, like other anti-spam and anti-cybercrime sites including Spamhaus, has been an obvious target for disgruntled bad guys due to its community-based efforts to investigate malware and phishing attacks, as well as its collaboration with other researchers and law enforcement. "I think the question is: When isn.t CastleCops under DDOS attack? They are constantly being hit," says Alex Eckelberry, CEO of Sunbelt Software . To mitigate the DDOS attack, CastleCops has been filtering traffic based on the attack fingerprint, according to Laudanski, and posting the offending IP addresses, which has kept the attack from crippling the site. And one member of the CastleCops community noted on the site's message board that the attack indicates that CastleCops has struck a nerve with the dark side. "We have been rattling a lot of cages lately and to me, this DDOS shows we are on the right track," writes "Ernstl." ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Sun Mar 30 2008 - 22:44:43 PST