----- Original Message ----- From: "Black, Braden" <BBlackat_private> To: <Jim.Huntat_private> Cc: <Incidentsat_private> Sent: Tuesday, October 29, 2002 8:41 AM Subject: RE: DOS ATTACK > Your friend might want to look at Hogwash (http://hogwash.sourceforge.net/). > Set it up on a box upstream of the web server, and configure it to send a > reset for any HTTP request that includes a referrer of the attacker's site. Snort itself will do this with the Flex Resp plug-in. A rule that keys on the specific content indicating this referal can call on Flex Resp to send a spoofed RST's to both sides of the connection; ICMP <whatever> unreachables can also be sent. Flex Resp is based on the LibNet packet writing library. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Oct 30 2002 - 13:15:47 PST