On Thu, 25 Sep 2003 08:16:59 +1000
James McDonald <[EMAIL PROTECTED]> wrote:
> I understand that nothing can be done if you saturate the pipe. But
> wouldn't stateful inspection and some rules to say `when x number of
> connections occur from y host in z time' cause the firewall to drop the
> attacking hosts packet and at least try for partial service over none?
It's a DDoS attack. Distributed. From an anti-spam list...
This kind of "spread the targets" tactic has been tried in the
past to protect IRC servers/websites and admins, but fails dramatically
in the face of 20-50,000 cable-connected zombies being used for DDoS -
they can spread the targetting around or simply bring another 10,000
machines into the attack.
Yes, they really do have botnets this large. :-(
Soon everyone except the script kiddies will hate Microsoft.
--
-----------------------------------------------------------------------
| Alan K. Jackson | To see a World in a Grain of Sand |
| [EMAIL PROTECTED] | And a Heaven in a Wild Flower, |
| www.ajackson.org | Hold Infinity in the palm of your hand |
| Houston, Texas | And Eternity in an hour. - Blake |
-----------------------------------------------------------------------
_______________________________________________
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
