Your friend might want to look at Hogwash (http://hogwash.sourceforge.net/). Set it up on a box upstream of the web server, and configure it to send a reset for any HTTP request that includes a referrer of the attacker's site. This will prevent any of the DOS hits from ever hitting the web server. Furthermore, it will save your friend's bandwidth, as every inbound DOS connection will be reset before any significant volume of traffic has come across the line. - Braden ----- Original Message ----- From: "Hunt, Jim" <Jim.Huntat_private> To: <Incidentsat_private> Sent: Sunday, October 27, 2002 11:59 PM Subject: DOS ATTACK > I have a friend that has a DOS Attack going on against their website. It is being done by someone with a very popular website trying to squash a little guy. He is doing it be placing 1 pixel by 1 pixel inline frames in his webpages and having them load my friends webpage. It is killing his server and bandwidth. > > What can we do to block? The Server is W2K with IIS. > > Thanks! > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Oct 29 2002 - 18:00:28 PST