If he's got it up on his website in a ton of 1-pixel frames, chances are all his [the attacker] web visitors are loading several copies of the victim's page. The only real way to filter that would be by filtering based on HTTP_REFERRER. Unless I'm mistaken I don't believe Apache yet has a mechanism to enforce mandatory delays between the same page being loaded from the same IP. -----Original Message----- From: james [mailto:jameshat_private] Sent: Monday, October 28, 2002 6:31 PM To: Hunt, Jim Cc: incidentsat_private Subject: Re: DOS ATTACK Sounds like this attack is coming from a specific IP. Blocking that IP on a router would be one obvious answer. james ----- Original Message ----- From: "Hunt, Jim" <Jim.Huntat_private> To: <Incidentsat_private> Sent: Sunday, October 27, 2002 9:59 PM Subject: DOS ATTACK > I have a friend that has a DOS Attack going on against their website. > It is being done by someone with a very popular website trying to squash a little guy. He is doing it be placing 1 pixel by 1 pixel inline frames in his webpages and having them load my friends webpage. It is killing his server and bandwidth. > > What can we do to block? The Server is W2K with IIS. > > Thanks! > ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Oct 28 2002 - 21:14:35 PST