What is this Very Stupid DOS Attack Script?
Marian Hettwer
MH at kernel32.de
Wed Apr 6 09:19:30 PDT 2005
On Mi, 6.04.2005, 17:57, Willem Jan Withagen sagte:
> I've build some swatch-rules that after two of these hits, I dump
> the host into ifpw-deny space.
>
Aye. I thought about writing a script, doing the same like yours, too.
Could you post this script somewhere, so that I could add some
functionality or just use it ?
On one hand, of course, it would make no sense to blog these attackers, as
they don't mind anyway wether they're blocked or not, on the other hand,
I'd like to see only two attempts, and not loads of pages, blowing up my
logfiles useless.
By the way, you do know, that if you block these attackers forever, you
may run into a self-made DOS attack, right ?
Imagine, you have 10 attacks per day (from 10 different IP addresses) and
you all block them, each day, for another 10 days. You already blocked 100
IP adresses then ;)
Well, perhaps your script releases the blocked IP adresses after an
specific amount of time... this would be a functionality I'd like to add
:)
So, I'd be glad if you could either upload the script on some webserver
and make it public, or if you could private mail it to me.
best regards,
Marian
More information about the freebsd-security
mailing list