[Dshield] preventing brute force with spoof / proxied (Goldeneye etc.)

Frank Rizzo frankrizzocalled at hotmail.com
Thu May 23 00:15:57 GMT 2002


>>Do the proxies happen to be displaying his IP in the "X-Forwarded-For" 
>>HTTP header?  I realize some proxies don't send that header, but if these 
>>do...>>

Unfortunately no. The thing with these brute force programs is that they 
test for proxies that dont have the x-forwarded-for on. When they look for 
proxies they get like green lights and black lights to show which proxies to 
use.

I tell you I have emailed over 100 webmaster/hostmaster/abuse/personalnames 
obtained from whois lookups the past 3 nights. I'm requesting they check 
their logs to give me the true IP address (as long as its not spoofed or 
proxied from a proxy)

Someone tell me fight back works. I'm not seeing the results yet.



_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com




More information about the list mailing list