Question about HTTP DDOS attacks.

From: eaxat_private
Date: Fri Mar 15 2002 - 20:13:27 PST


    For the last couple days, one of our client's virtual-hosts on one of our webservers has been DDOSed with
    tons of HTTP requests composed of:
    
    GET / HTTP/1.1
    Host: example.com
    
    
    I wrote a quick script to firewall any client that makes this type of request, and already have about 3,000 unique IP addresses in my input filters.  They're all Windows boxes from what I can tell.  They're coming in from lots of different networks.
    
    Our client's website does not get very many hits per day -- and a few thousand zombies seems like an 
    awful lot to throw at a relatively unpopular/small website for a small, locally owned business.
    
    Is an attack with a few thousand zombies considered commonplace nowadays?
    
    Attached is a current list of attacking computers.
    
    TIA
    
    
    
    
    

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com



    This archive was generated by hypermail 2b30 : Sun Mar 17 2002 - 18:03:56 PST
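
An added example, not part of the original post and not the poster's script: one way to pull the clients sending the bare `GET / HTTP/1.1` request out of a web server log so the list can be reviewed before it goes into a packet filter. It assumes the virtual host logs in Apache "combined" format, where a request carrying only a Host header shows up with `-` for both Referer and User-Agent; the log lines, addresses and the `min_hits` threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache "combined": ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log (documentation address ranges, not real attackers).
SAMPLE_LOG = """\
192.0.2.10 - - [15/Mar/2002:19:58:01 -0800] "GET / HTTP/1.1" 200 5120 "-" "-"
192.0.2.10 - - [15/Mar/2002:19:58:01 -0800] "GET / HTTP/1.1" 200 5120 "-" "-"
198.51.100.7 - - [15/Mar/2002:19:58:02 -0800] "GET / HTTP/1.1" 200 5120 "-" "-"
203.0.113.9 - - [15/Mar/2002:19:58:02 -0800] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
192.0.2.10 - - [15/Mar/2002:19:58:03 -0800] "GET / HTTP/1.1" 200 5120 "-" "-"
198.51.100.7 - - [15/Mar/2002:19:58:03 -0800] "GET / HTTP/1.1" 200 5120 "-" "-"
203.0.113.5 - - [15/Mar/2002:19:58:04 -0800] "GET / HTTP/1.1" 200 5120 "-" "-"
198.51.100.7 - - [15/Mar/2002:19:58:04 -0800] "GET / HTTP/1.1" 200 5120 "-" "-"
"""

def is_bare_request(m):
    """GET / over HTTP/1.1 with neither Referer nor User-Agent logged."""
    return (m["request"] == "GET / HTTP/1.1"
            and m["referer"] == "-" and m["agent"] == "-")

def suspect_clients(lines, min_hits=3):
    """Return {ip: hits} for clients with at least min_hits bare requests.

    A threshold keeps a single header-less probe (a monitoring check,
    for instance) from being blocked on one hit.
    """
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not is_bare_request(m):
            continue
        try:
            ipaddress.ip_address(m["ip"])   # skip hostnames and garbage
        except ValueError:
            continue
        hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

def block_list(suspects):
    """Addresses in numeric order, ready for review before filtering."""
    key = lambda ip: (ipaddress.ip_address(ip).version, int(ipaddress.ip_address(ip)))
    return sorted(suspects, key=key)
```

Matching on a missing User-Agent alone also catches legitimate header-less clients, so the output is a candidate list rather than a verdict.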