[Dshield] Substantial DDoS: Forensics?

David Cary Hart DShield at TQMcube.com
Thu Aug 17 00:51:06 GMT 2006


Using swatch for adaptive firewalling, I have now added about 2,500
IPs to the firewall (I have also taken some CGI off line). The list
is growing by the minute.

Fortunately, I was running a tail and I saw this pretty early
(although the server did crash). The question is this: has anyone out
there been able to develop a pattern from the IP addresses and the
firewall (IPtables) log to track down the source? BTW, they have a
common user agent.

I haven't done a geographic breakdown yet but my quick take is that
they seem widely distributed. 

Any help would be appreciated.

-- 
Our DNSRBL - Eliminate Spam at the Source: http://www.TQMcube.com
               Don't Subsidize Criminals: http://boulderpledge.org
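One way to start the pattern analysis the post asks about, as an added example that is not part of the original message or of swatch: parse the netfilter LOG lines out of syslog, bucket the sources by /24 and /16 to see whether they cluster in a few ranges or are genuinely spread out, count hits per minute, and look at the arriving TTLs (hosts at different hop distances should arrive with different TTLs, so one TTL across many unrelated networks hints at spoofed sources). The log lines below are constructed for the example, the `DDOS:` log prefix is a hypothetical `--log-prefix`, and the addresses come from the documentation/benchmark ranges; the generated iptables commands block whole prefixes, which is a much blunter instrument than the per-IP rules the post describes.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of netfilter LOG output as it lands in syslog. The
# "DDOS:" prefix stands in for whatever --log-prefix the logging rule uses.
# The last line is an unrelated sshd entry that the parser must skip.
SAMPLE_LOG = """\
Aug 17 00:40:01 web kernel: DDOS: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41234 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 17 00:40:02 web kernel: DDOS: IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41235 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 17 00:40:02 web kernel: DDOS: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=3333 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 17 00:41:10 web kernel: DDOS: IN=eth0 OUT= SRC=198.51.100.200 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=3334 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 17 00:41:11 web kernel: DDOS: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=41236 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 17 00:41:12 web kernel: DDOS: IN=eth0 OUT= SRC=198.18.0.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=244 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Aug 17 00:41:12 web sshd[123]: Accepted publickey for dave from 192.0.2.44 port 5000 ssh2
"""

# The LOG target writes KEY=VALUE pairs; these are the ones used here.
KV_RE = re.compile(r"\b(SRC|DST|PROTO|DPT|TTL)=(\S*)")
# syslog timestamp, captured down to the minute for rate bucketing.
TS_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}):\d{2} ")


def parse_iptables_line(line):
    """Return a record for a netfilter LOG line, or None for any other line."""
    ts = TS_RE.match(line)
    fields = dict(KV_RE.findall(line))
    if not ts or "kernel:" not in line or "SRC" not in fields:
        return None
    return {
        "minute": ts.group(1),
        "src": fields["SRC"],
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "dpt": int(fields["DPT"]) if fields.get("DPT") else None,
        "ttl": int(fields["TTL"]) if fields.get("TTL") else None,
    }


def parse_log(text):
    return [r for r in (parse_iptables_line(l) for l in text.splitlines()) if r]


def count_by_prefix(records, prefix_len):
    """Hits per source network. Truly distributed sources give many small
    buckets; a few hosting ranges or one botnet C2's neighbourhood give a
    handful of large ones."""
    hits = Counter()
    for r in records:
        net = ipaddress.ip_network(f"{r['src']}/{prefix_len}", strict=False)
        hits[str(net)] += 1
    return hits


def count_per_minute(records):
    return Counter(r["minute"] for r in records)


def ttl_distribution(records):
    """Arriving TTL values. Real hosts sit at different hop distances, so a
    single TTL across many unrelated networks suggests spoofed sources."""
    return Counter(r["ttl"] for r in records if r["ttl"] is not None)


def unique_sources(records):
    return sorted({r["src"] for r in records}, key=ipaddress.ip_address)


def block_commands(prefix_hits, threshold):
    """iptables commands for networks at or above the threshold. Each rule
    drops the entire prefix, so review the list before running it."""
    return [f"iptables -I INPUT -s {net} -j DROP"
            for net, n in sorted(prefix_hits.items()) if n >= threshold]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(f"{len(recs)} dropped packets from {len(unique_sources(recs))} sources")
    for plen in (24, 16):
        print(f"top /{plen}:", count_by_prefix(recs, plen).most_common(3))
    print("per minute:", sorted(count_per_minute(recs).items()))
    print("TTLs:", ttl_distribution(recs).most_common())
    for cmd in block_commands(count_by_prefix(recs, 24), 2):
        print(cmd)
```

Run it against the real file with `parse_log(open("/var/log/messages").read())`; the per-minute counts show whether the flood is ramping or steady, and comparing the /24 and /16 buckets against the unique-source count is the quickest way to tell a few abused ranges from a widely distributed botnet. The user agent the post mentions is not in the iptables log at all, so that correlation has to be done against the web server's access log.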

