[Dshield] Substantial DDoS: Forensics?
David Cary Hart
DShield at TQMcube.com
Thu Aug 17 00:51:06 GMT 2006
Using swatch for adaptive firewalling, I have now added about 2,500
IPs to the firewall (I have also taken some CGI off line). The list
is growing by the minute.
Fortunately, I was running a tail and I saw this pretty early
(although the server did crash). The question is this: has anyone out
there been able to develop a pattern from the IP addresses and the
firewall (iptables) log to track down the source? BTW, they have a
common user agent.
I haven't done a geographic breakdown yet but my quick take is that
they seem widely distributed.
Any help would be appreciated.
Our DNSRBL - Eliminate Spam at the Source: http://www.TQMcube.com
Don't Subsidize Criminals: http://boulderpledge.org
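As an added example, not part of David's post, here is a small Python script that does the kind of pattern analysis the question asks about: it parses iptables LOG lines (the sample lines below are constructed, not from the incident), counts hits per source IP, per /24 block and per protocol/port, and reports how concentrated the sources are, so "a few networks" versus "widely distributed" becomes a number rather than a quick take.

```python
"""Triage iptables LOG entries from a flood by aggregating the sources."""
import re
from collections import Counter
from ipaddress import ip_network

# Constructed sample lines in the format written by the iptables LOG target
# (documentation/test addresses only; not data from the real incident).
SAMPLE_LOG = """\
Aug 17 00:40:01 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=3341 DPT=80 SYN
Aug 17 00:40:01 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=3342 DPT=80 SYN
Aug 17 00:40:02 host kernel: IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.10 PROTO=TCP SPT=1025 DPT=80 SYN
Aug 17 00:40:02 host kernel: IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.10 PROTO=TCP SPT=4000 DPT=80 SYN
Aug 17 00:40:03 host kernel: IN=eth0 OUT= SRC=198.18.4.2 DST=198.51.100.10 PROTO=TCP SPT=4001 DPT=443 SYN
Aug 17 00:40:03 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=UDP SPT=53 DPT=53
"""

LOG_RE = re.compile(r"SRC=(?P<src>\d+\.\d+\.\d+\.\d+).*?PROTO=(?P<proto>\w+).*?DPT=(?P<dpt>\d+)")

def parse_log(text):
    """Yield (src, proto, dpt) for every line that carries iptables LOG fields."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m["src"], m["proto"], int(m["dpt"])

def summarize(text, prefix_len=24):
    """Count hits per source IP, per /prefix_len block, and per proto/port."""
    by_ip, by_net, by_service = Counter(), Counter(), Counter()
    for src, proto, dpt in parse_log(text):
        by_ip[src] += 1
        by_net[str(ip_network(f"{src}/{prefix_len}", strict=False))] += 1
        by_service[f"{proto}/{dpt}"] += 1
    return by_ip, by_net, by_service

def concentration(by_net, top=1):
    """Share of all hits coming from the `top` busiest blocks: close to 1.0
    means a handful of networks, close to 0 means a widely distributed set."""
    total = sum(by_net.values())
    return sum(n for _, n in by_net.most_common(top)) / total if total else 0.0

if __name__ == "__main__":
    ips, nets, services = summarize(SAMPLE_LOG)
    print("top sources:", ips.most_common(5))
    print("top /24 blocks:", nets.most_common(5))
    print("services hit:", services.most_common())
    print(f"share from busiest /24: {concentration(nets):.2f}")
```

Feed it the real kernel log (`grep 'SRC=' /var/log/messages | python3 triage.py`-style, after replacing SAMPLE_LOG with stdin) and raise `prefix_len` to 16 to see whether the 2,500 addresses cluster by provider.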