Re: DDoS Attack

From: Andrew Anderson (koserve99at_private)
Date: Fri May 23 2003 - 09:12:08 PDT

Next message: Jimi Thompson: "Re: A question for the list..."

Previous message: Stephen P. Berry: "Re: A question for the list..."
Maybe in reply to: Steven Shepherd: "DDoS Attack"
Next in thread: Justin Pryzby: "Re: DDoS Attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) In-Reply-To: <3ECD0537.7050208at_private> - The request strings look like they belong to a GT Bot. - As for the erroneous request it looks like it's a parsing error in apache. - As a suggestion I would filter out any get requests with the @ symbol unless you have any file/folders that contain the @ symbol. >Our parent company is experiencing a very odd/severe DDoS attack coming >from all over the place. For the most part, the attack is occuring at >the Apache level. Log files show this request: > >[Tue May 20 09:13:33 2003] [error] [client 194.xxx.xxx.xxx] request >failed: erroneous characters after protocol string: -nb GET >!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!! @#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!!@#%! ^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!-nb >GET >@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@-nb >GET >!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!! @#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!!@#%! ^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!^&!*&!%&!%!@#%!^@)&!-nb >GET +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + >+ATH0+ + +ATH0+ + +ATH0+ + +\x01TH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ >+ +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ + +ATH0+ >+ +ATH0+ > >Scans of some of the attacking IP's show BackOrifice installations. > >Has anyone had this sort of attack and what would be the best way to >combat it? Not much luck from the upstream(s) thus far. > ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------

Next message: Jimi Thompson: "Re: A question for the list..."
Previous message: Stephen P. Berry: "Re: A question for the list..."
Maybe in reply to: Steven Shepherd: "DDoS Attack"
Next in thread: Justin Pryzby: "Re: DDoS Attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 23 2003 - 11:35:19 PDT