North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Here we go again
- From: Eric A. Hall
- Date: Fri Mar 10 17:26:06 2000
> What to we need to do to nip this one in the bud
nearly simultaneously. The plan essentially revolves around a few
thousand users hitting "reload" at the same time, and repeatedly.
Protecting the targets will be hard. Maybe the attackers will have a
[mostly] common referer: header that you can filter against or something
similar, but whatever you do it'll have to be pretty high-level. A
high-end cache might work to keep the servers from getting overloaded
although it wouldn't help with a bandwidth crunch.
Filtering the senders would be a better long-term cure. Setting up
mechanisms that detect a high-volume of out-bound requests to a single
object would be a good way to determine if any of your customers are
involved in the attack. It's unlikely that everybody will do this though
so it's probably not an effective prevention tool.
Lawsuits, criminal procedures and other forms of spectacular example
will be the best long-term deterrant.
<HTML><HEAD><TITLE>Basic, standalone denial of service
<FRAMESET COLS="50%,50%" FRAMESPACING=0 BORDER=3
<FRAME SRC="http://www.target1.com" NAME="site1" NORESIZE
<FRAME SRC="http://www.target2.com" NAME="site2" NORESIZE
More at http://www.gn.apc.org/pmhp/ehippies/files/op1.htm
Eric A. Hall firstname.lastname@example.org