[ISN] CastleCops Hit by Another DDOS Attack

From: InfoSec News (alerts@private)
Date: Sun Mar 30 2008 - 22:22:07 PST


http://www.darkreading.com/document.asp?doc_id=149497

By Kelly Jackson Higgins
Senior Editor
Dark Reading
MARCH 28, 2008

Security watchdog site CastleCops is currently under yet another 
distributed denial-of-service (DDOS) attack. The anti-spam, anti-malware 
site manned by volunteers has been under siege from waves of botnet 
traffic since Wednesday.

CastleCops is no stranger to DDOS attacks -- it gets hit regularly, with 
its most recent attack back in August -- but this one took a different 
spin on an old trick.

"Typically, attacks involve some sort of HTTP GET, but this one seems to 
include a POST instead," says Paul Laudanski, founder and administrator 
for the CastleCops site, who says he first detected the attack on 
Wednesday morning after noticing some performance problems with the 
site.

He initially witnessed a rise in the server load and a pattern in the 
server logs that indicated a DDOS, he says.

The attack hasn't taken down the site, but is causing occasional 
connectivity problems for visitors. "It appears we've attracted some 
fresh bots, too," Laudanski says.

"Apache has been saturated a few times already, necessitating manual 
httpd restarts, while ensuring bots are filtered," he says.

CastleCops, like other anti-spam and anti-cybercrime sites including 
Spamhaus, has been an obvious target for disgruntled bad guys due to its 
community-based efforts to investigate malware and phishing attacks, as 
well as its collaboration with other researchers and law enforcement.

"I think the question is: When isn't CastleCops under DDOS attack? They 
are constantly being hit," says Alex Eckelberry, CEO of Sunbelt Software.

To mitigate the DDOS attack, CastleCops has been filtering traffic based 
on the attack fingerprint, according to Laudanski, and posting the 
offending IP addresses, which has kept the attack from crippling the 
site. And one member of the CastleCops community noted on the site's 
message board that the attack indicates that CastleCops has struck a 
nerve with the dark side.

"We have been rattling a lot of cages lately and to me, this DDOS shows 
we are on the right track," writes "Ernstl."

