[Dshield] speedy!

WMAVT@aol.com WMAVT at aol.com
Tue Mar 30 22:12:54 GMT 2004


Give Steve Gibson's site a look, DRDoS is DRDoS
http://grc.com/dos/grcdos.htm
"Before we can study and understand the mechanics of the distributed
reflection attack, we need some understanding of the operation of TCP — the
Transmission Control Protocol used to connect remote machines over the Internet."
This should help. Have fun. Bill



========Original Message======== 
Subj:   Re: [Dshield] speedy!   
Date:   3/30/2004 2:33:07 PM Mountain Standard Time 
From:    security at admin.fulgan.com (Stephane Grobety)
Sender:  list-bounces at dshield.org
Reply-to: list at dshield.org (General DShield Discussion List)
To:    list at dshield.org (General DShield Discussion List)
    
    


e> Could anybody please tell me what generates www.speedy!.com because
e> I just faced a DoS by a customer generating thousands of requests
e> to this url which brought our ADSL router and the CACHE engine to
e> their knees. How can I go about fighting this back?

This URL doesn't and can't resolve: the "!" character isn't authorized
in the DNS system and cannot currently be converted using IDNA
(international DNS encoding).

www.speedy.com, however, does resolve: it's a French company that is
in the "quick car fix" business (tires, exhausts, etc.).

Do you have a capture of the faulty packets?

Good luck,
Stephane
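
An added example, not part of the original thread: one way to spot this kind of traffic in a proxy or cache log is to check each requested host against the letters-digits-hyphen rule for DNS labels and count failures per client. The log format, field order and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# One DNS label under the letters-digits-hyphen (LDH) hostname rule:
# 1-63 characters, alphanumeric at both ends, hyphens only in the middle.
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def is_valid_hostname(host: str) -> bool:
    """Return True if every label of host satisfies the LDH rule."""
    if host.endswith("."):          # a single trailing root dot is allowed
        host = host[:-1]
    if not host or len(host) > 253:
        return False
    return all(LABEL_RE.fullmatch(label) for label in host.split("."))

def tally_invalid_hosts(log_lines):
    """Count requests per (client, host) whose host can never resolve."""
    offenders = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:         # skip lines that do not fit the format
            continue
        client, url = fields[1], fields[3]
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:          # malformed URL: treat as invalid host
            host = ""
        if not is_valid_hostname(host):
            offenders[(client, host)] += 1
    return offenders

# Constructed sample: "<timestamp> <client> <method> <url> <status>".
# Client addresses are from the 192.0.2.0/24 documentation range.
SAMPLE_LOG = [
    "2004-03-30T08:00:01 192.0.2.10 GET http://www.speedy!.com/ 503",
    "2004-03-30T08:00:01 192.0.2.10 GET http://www.speedy!.com/ 503",
    "2004-03-30T08:00:02 192.0.2.10 GET http://www.speedy!.com/ 503",
    "2004-03-30T08:00:02 192.0.2.23 GET http://www.speedy.com/ 200",
    "2004-03-30T08:00:03 192.0.2.41 GET http://example.org/index.html 200",
]

if __name__ == "__main__":
    for (client, host), count in tally_invalid_hosts(SAMPLE_LOG).most_common():
        print(f"{client} requested unresolvable host {host!r} {count} times")
```

A client that tops this tally is a candidate for rate limiting or blocking at the cache, since none of its requests could succeed.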

