On Thu, Sep 25, 2003, James McDonald wrote: >David A. Bandel wrote: > >>FYI, >> >>For those of you who are interested, the spammers are winning. Yet >>another RBL is shutting down (blackhole.compu.net). They are being >>forced to shut down due to massive attacks on their servers by spammers. >> >> >I understand that nothing can be done if you saturate the pipe. But >wouldn't stateful inspection and some rules to say `when x number of >connections occur from y host in z time' cause the firewall to drop the >attacking hosts packet and at least try for partial service over none?
The attacks on Monkeys.com (RFG's site) were far beyond what could be handled by a local firewall, and were causing considerable problems for his upstream providers. A major problem is that there are huge numbers of open proxy servers, mostly Windows machines who's owners haven't a clue that their machines are being used for network abuse. It's also easy enough to mount this type of DDoS attack using the same technology that's used in the many worms that infect the Microsoft Virus, Windows. Plant he DDoS engine in Windows boxen all around 'Net aimed at the victim, and let Windows do the work for you. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Systems, Inc. UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ ``It is surprising how much new stuff users find that developers never do. You put a copy in front of a normal user and they find all these bugs that you would think developers would find. The real users and developers are completely different species as far as I am concerned.'' --Linux creator Linus Torvalds _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
