Security Incidents mailing list archives

Question about HTTP DDOS attacks.


From: eax () 3xT org
Date: Fri, 15 Mar 2002 20:13:27 -0800 (PST)

For the last couple days, one of our client's virtual-hosts on one of our webservers has been DDOSed with
tons of HTTP requests composed of:

GET / HTTP/1.1
Host: example.com


I wrote a quick script to firewall any client that makes this type of request, and already have about 3,000 unique IP 
addresses in my input filters.  They're all Windows boxes from what I can tell.  They're coming in from lots of different 
networks.

Our client's website does not get very many hits per day -- and a few thousand zombies seems like an 
awful lot to throw at a relatively unpopular/small website for a small, locally owned business.

Is an attack with a few thousand zombies considered commonplace nowadays?

Attached is a current list of attacking computers.

TIA


Attachment: i.txt

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
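
Added example, not the poster's script: one way to pick out clients that send only the bare request quoted in the message (a GET for / carrying a Host header and nothing else) from recorded raw requests. The function names, the min_hits threshold and the sample records are assumptions made for illustration; a client is listed only if it repeats the bare request and never sends a fuller one, so a single minimal probe does not end up in the filter list.

```python
from collections import Counter

# Constructed sample data: (client IP, raw request bytes) pairs as a packet
# capture or logging proxy might record them. IPs are documentation ranges.
BARE = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
FULL = (b"GET / HTTP/1.1\r\nHost: example.com\r\n"
        b"User-Agent: Mozilla/4.0 (compatible)\r\nAccept: */*\r\n\r\n")
SAMPLE = ([("192.0.2.10", BARE)] * 3 + [("198.51.100.7", BARE)] * 4
          + [("203.0.113.5", BARE)]                 # one-off minimal probe
          + [("192.0.2.44", FULL)] * 5              # ordinary browser
          + [("192.0.2.99", BARE)] * 3 + [("192.0.2.99", FULL)])  # mixed


def parse_request(raw):
    """Return (request_line, {lowercased header: value}), or None if malformed."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return None
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def is_bare_get(raw, vhost):
    """True if the request is exactly 'GET / HTTP/1.1' plus a lone Host header."""
    parsed = parse_request(raw)
    if parsed is None:
        return False
    request_line, headers = parsed
    return (request_line == "GET / HTTP/1.1"
            and set(headers) == {"host"}
            and headers["host"].lower() == vhost)


def candidates(records, vhost, min_hits=3):
    """IPs that sent the bare request at least min_hits times and nothing else."""
    bare, other = Counter(), Counter()
    for ip, raw in records:
        (bare if is_bare_get(raw, vhost) else other)[ip] += 1
    return sorted(ip for ip, n in bare.items()
                  if n >= min_hits and other[ip] == 0)


if __name__ == "__main__":
    for ip in candidates(SAMPLE, "example.com"):
        print(ip)
```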