I use a routine that was developed to counter the Welchia ping attacks. Packets are captured with SNORT, and then added to a database via a perl script, and then another perl script to block you at the router.
As for someone saying the attacking a network not under your control is ethical and Legal, I will remind that person that this system is in Texas, and we have statutes making the practice illegal, and subject to substantial fines. Put that together with an Attorney General who is enthusiastic about prosecuting computer crimes. Like it or not, unnecessary internet traffic is just that, unnecessary. So get a real job. ====================================== Stop spam on your domain, use our gateway! For hosting solutions http://www.clickdoug.com Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases. ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf ====================================== If you are not satisfied with my service, my job isn't done! ----- Original Message ----- From: "jon hall" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, September 24, 2003 1:51 PM Subject: Re: Auto Pinging Script? | For 15 pings? Sheesh man...just filter icmp and be done with it if | that's the way you feel. How are you counting and triggering the | events? I could see doing this with IDS, but would think doing | something like that on the router would cause performance issues if | the counter window was long enough. Hell, it would probably make the | router easier to DOS...lol | | To answer the original question...I recommend something along the | lines of IPSwitch's WhatsUp, or one of the web based services out | there. | | -- | jon | mailto:[EMAIL PROTECTED] | | Wednesday, September 24, 2003, 2:18:56 PM, you wrote: | DW> You do this on my domain(s) and on the sixth ping you would be locked out of | DW> access to the system, and on the 15th ping, you would be reported to your ISP in | DW> the hopes of getting your service terminated, with additional reports to your | DW> ISP periodically thereafter, and then followed by a complaint filed with | DW> appropriate Law Enforcement. | | DW> You see, there are much better ways of evaluating a service provider than what | DW> could be considered a DDOS or intrusion attempt. | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm?link=i:4:138310 Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com
