Security Incidents: RE: DOS ATTACK

["Black, Braden" <BBlack () VSCat com>]

Your friend might want to look at Hogwash (http://hogwash.sourceforge.net/).
Set it up on a box upstream of the web server, and configure it to send a
reset for any HTTP request that includes a referrer of the attacker's site.
This will prevent any of the DOS hits from ever hitting the web server.
Furthermore, it will save your friend's bandwidth, as every inbound DOS
connection will be reset before any significant volume of traffic has come
across the line.

- Braden

----- Original Message -----
From: "Hunt, Jim" <Jim.Hunt () nwsc k12 in us>
To: <Incidents () securityfocus com>
Sent: Sunday, October 27, 2002 11:59 PM
Subject: DOS ATTACK


> I have a friend that has a DOS Attack going on against their website.  It
is being done by someone with a very popular website trying to squash a
little guy.  He is doing it be placing 1 pixel by 1 pixel inline frames in
his webpages and having them load my friends webpage.  It is killing his
server and bandwidth.
> What can we do to block?  The Server is W2K with IIS.
>
> Thanks!

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com