From owner-freebsd-security Sat May 22 11:30:39 1999
Delivered-To: freebsd-security@freebsd.org
Received: from gndrsh.aac.dev.com (GndRsh.aac.dev.com [198.145.92.4])
    by hub.freebsd.org (Postfix) with ESMTP id F368914E60
    for ; Sat, 22 May 1999 11:30:28 -0700 (PDT)
    (envelope-from rgrimes@gndrsh.aac.dev.com)
Received: (from rgrimes@localhost)
    by gndrsh.aac.dev.com (8.9.3/8.9.3) id LAA04096;
    Sat, 22 May 1999 11:29:42 -0700 (PDT)
    (envelope-from rgrimes)
From: "Rodney W. Grimes"
Message-Id: <199905221829.LAA04096@gndrsh.aac.dev.com>
Subject: Re: Denial of service attack from "imagelock.com"
In-Reply-To: <4.2.0.37.19990522112658.0466ec90@localhost> from Brett Glass at "May 22, 1999 11:28:28 am"
To: brett@lariat.org (Brett Glass)
Date: Sat, 22 May 1999 11:29:41 -0700 (PDT)
Cc: dillon@apollo.backplane.com (Matthew Dillon), security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> At 10:14 AM 5/22/99 -0700, Matthew Dillon wrote:
>
> >     If they are actually making TCP connections, then their IP address is
> >     likely to be valid.  This means you should be able to traceroute the
> >     IP address to see what the last hop network is.  You can then complain
> >     to that network - I'd call up their NOC.
>
> The addresses were all over one Class C: 209.133.111/24. We've complained
> to ABOVE.NET, which seems to have control of that Class C. No response yet.
>

Did you even try the simple way:

gndrsh:root {169}# whois imagelock.com
ImageLock.com (SJCENTER-DOM)                                     SJCENTER.COM
Imagelock, INC (IMAGELOCK2-DOM)                                 IMAGELOCK.COM
gndrsh:root {170}# whois \!imagelock2-dom
Registrant:
Imagelock, INC (IMAGELOCK2-DOM)
   2125 Powell
   San Francisco, CA 94133
   US

   Domain Name: IMAGELOCK.COM

   Administrative Contact, Technical Contact, Zone Contact:
      Force, Thomas (TF4115) info@IMAGELOCK.COM
      415 392 3444
   Billing Contact:
      Force, Thomas (TF4115) info@IMAGELOCK.COM
      415 392 3444

   Record last updated on 23-Feb-99.
   Record created on 23-Feb-99.
   Database last updated on 21-May-99 13:16:04 EDT.

   Domain servers in listed order:

   NS1.IMAGELOCK.COM            209.133.111.124
   NS2.IMAGELOCK.COM            209.133.111.140

gndrsh:root {171}# host www.imagelock.com
www.imagelock.com is a nickname for M0001.imagelock.com
M0001.imagelock.com has address 209.133.111.124
M0001.imagelock.com mail is handled (pri=5) by M0001.imagelock.com
gndrsh:root {172}# lynx www.imagelock.com

   Currently tracking over 7,000,000 Websites and 175,000,000 digital assets.

   ImageLock.com - The Ultimate Internet Tracking Tool and Intellectual
   Property (IP) management service, enables you to pin-point the
   information you need, and effortlessly enforce your IP Protection policy!

   ImageLock(TM) is the Internet's only source for comprehensive tracking
   of your website's images, logos, audio files, and text phrases across
   the Internet's million of websites, newgroups, FTP sites, etc...

   Imagelock(TM) has developed a state-of-the-art and easy-to-use Internet
   based service which delivers complete solutions from asset location to
   copyright enforcement.

   You specify the Website - Imagelock(TM) tracks your digital media assets
   and enforces your intellectual property rights throughout the Internet!

   Imagelock(TM) can tell you:

     Where are your images (logos, pictures, etc.)?
     Who is hot-linked to your website?
     Where is your name showing up? On a list? In a meta-tag?
     Who has your MP3 files?
     Who is plagiarizing your website?
     Who is using or abusing your intellectual property?

   Imagelock(TM) can provide you:
...

I'd say this wasn't a purposeful DOS attack, but a major mistake on the
part of imagelock's techniques...

--
Rod Grimes - KD7CAX - (RWG25)                    rgrimes@gndrsh.aac.dev.com
Accurate Automation, Inc.                   Reliable computers for FreeBSD
http://www.aai.dnsmgr.com