* * * * *

                    Nice try, but that's an abandoned site

One reason for my journal is to document some pretty arcane technical
information, like … oh … surviving a DDoS (Distributed Denial of Service)
attack [1]. Good thing too, because one of the servers I manage—the ones that
typically get hacked and attacked [2], was under attack today.

Annoying, but nothing that I couldn't handle.

After blocking some 3,100 IP (Internet Protocol) addresses, I was of the
opinion that the source addresses were forged. While it's possible that some
hacker or hackers had control of thousands of zombie boxes, it was curious as
to why they were attacking the particular sites—just small marketing sites
that, as it turned out, were no longer used.

Once I found out the sites under attack (all under the same IP address) were
no longer needed, it was a simple matter to take down the IP address under
attack.

[1] gopher://gopher.conman.org/0Phlog:2003/12/17.1
[2] gopher://gopher.conman.org/0Phlog:2004/09/14.1

Email author at [email protected]

You are viewing proxied material from gopher.conman.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.