Blocking any single I.P address will not solve this problem, since the request is not made by the owner of those webpages, but their visitor's browser everytime a visitor visits, evnetually causing a Denial of Service for the person whose website is fetched uselessly on every visit. First of all you inform the I.P owners and webhosting company if any used about the scenario. Secondly, if any JPG, or GIF or any (rename-able) resource is fetched from your friend's server everytime, then your friend can change it's name and fix the links in his html, The misuser will have to keep updating his pages, but you'll be the on in lead. Also if it is your index page being fetched, you could place a plain index.html page with little bit of java scripting or maybe lesser time refresh tags to redirect to the subsiding link, say index1.html, again you'd be the one in lead with the misuser everytime he also changes the links. You could try Java Script popups for sometime to see if they appear on the misuer's webpage too, If yes then send the message across to his visitors that he is using such techniques to cause harm. Eventually the mis-user will either give up or brought down by his I.P owners/Webhosting company. Best of Luck. Regards -------- Muhammad Faisal Rauf Danka Head of GemSEC / Chief Technology Officer Gem Internet Services (Pvt) Ltd. web: www.gem.net.pk Key Id: 0x784B0202 Key Fingerprint: 6F8C EDCF 6C6E 06A5 48D7 6A20 C592 484B 784B 0202 --- David Vincent <david.vincentat_private> wrote: >add a firewall (such as the wonderful kerio personal firewall - >http://www.kerio.com) and block that IP from accessing the machine. > >you might have to do some digging at http://www.samspade.org to figure out >what IP blocks the big guy owns and therefore might be sources of the >attack. > >-d > > > >-----Original Message----- >From: Hunt, Jim [mailto:Jim.Huntat_private] >Sent: October 27, 2002 8:59 PM >To: Incidentsat_private >Subject: DOS ATTACK > > >I have a friend that has a DOS Attack going on against their website. It is >being done by someone with a very popular website trying to squash a little >guy. He is doing it be placing 1 pixel by 1 pixel inline frames in his >webpages and having them load my friends webpage. It is killing his server >and bandwidth. > >What can we do to block? The Server is W2K with IIS. > >Thanks! > >---------------------------------------------------------------------------- >This list is provided by the SecurityFocus ARIS analyzer service. >For more information on this free incident handling, management >and tracking system please see: http://aris.securityfocus.com _____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _____________________________________________________________ Select your own custom email address for FREE! Get youat_private w/No Ads, 6MB, POP & more! http://www.everyone.net/selectmail?campaign=tag ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Oct 28 2002 - 21:39:04 PST