[Dshield] DDoS Data

David Cary Hart DShield at TQMcube.com
Mon Aug 21 23:06:32 GMT 2006


This list is an incomplete list of unique IPs that were participants.
Some of these IPs hit us several hundred times each. Eventually, I
had to turn off firewall logging as it was becoming very expensive.
The most important lesson I learned is "Force the Form." In other
words, don't let anyone access CGI results directly - it's a recipe
for disaster. Require the referrer with HTTP_REFERER
(which has only one "R"). Furthermore, trying to add IPs to the
firewall from a perl script may have created more stress on resources
than it saved.

Oh, and I added a new zone - exploit.tqmcube.com to one of the mirrors
(primarily for the removal script to query). If it's of any practical
value, feel free.

Our DNSRBL - Eliminate Spam at the Source: http://www.TQMcube.com
               Don't Subsidize Criminals: http://boulderpledge.org

More information about the list mailing list