Complete.Org: Mailing Lists: Archives: discussion: August 2001:
[aclug-L] Re: Denied connections
Home

[aclug-L] Re: Denied connections

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: <discussion@xxxxxxxxx>
Subject: [aclug-L] Re: Denied connections
From: Chris Owen <owenc@xxxxxxxxxxxx>
Date: Mon, 27 Aug 2001 20:07:18 -0500 (CDT)
Reply-to: discussion@xxxxxxxxx

On Mon, 27 Aug 2001, gLaNDix wrote:

> On Sun, 26 Aug 2001, John Alexander wrote:
>
> > (read aggressive) policy towards NT/2000 server maintenance). Not a single
> > one (and their are a few) Linux boxes were affected.
>
> not 100% true as one may think...  my FreeBSD box goes in and out of
> service because of all the traffic i'm getting...  Sure, the exploit
> doesn't apply to *bsd/*nix but the resulting traffic *can* affect it
> (of course if you've got some dang fast connection and a better box
> than my 486, you probably don't notice it! : ^ )
>
> now for my question...  is there any better way to prevent the above
> DoS from happening on my system than firewalling off ALL connections
> from infected hosts (taken from my httpd-access.log file) and
> reporting them to their respective ISP?  That's what I've done so far,
> and I haven't really noticed much of a slow-down...  i'm getting
> NAILED by RR and shawcable customers (shawcable wants me to report
> EACH IP SEPERATELY to them w/ the corresponding log entry...  i've got
> over 300 hosts blocked!  ARG!)
>
> any suggestions are MORE than welcome!!!

Really anything less than a few of these a second shouldn't be causing a
noticable slowdown even on a 486.  One thing you can do though is install
a /default.ida file on your machine.  The Code Red request is a GET
request so just putting a small text file there will prevent the 404
errors.  My guess is that sending a 10 byte text file out may be less
resource intensive than a really long BS URL that returns a error.  It
will also clean up your logs.

Chris

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chris Owen             ~  Hubris Communications  ~  Lottery (noun):
PO Box 1969            ~  120 S Market Suite 101 ~     A stupidity tax
Garden City, KS 67846  ~  Wichita, KS 67202      ~
Voice: (620) 275-1900  ~  Voice: (316) 858-3000  ~
Fax:   (620) 275-0313  ~  Fax:   (316) 858-3001  ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi


[Prev in Thread] Current Thread [Next in Thread]