From owner-freebsd-security Sun May 23 14:30:50 1999 Delivered-To: freebsd-security@freebsd.org Received: from quaggy.ursine.com (lambda.blueneptune.com [209.133.45.179]) by hub.freebsd.org (Postfix) with ESMTP id 0909014DE9 for ; Sun, 23 May 1999 14:30:47 -0700 (PDT) (envelope-from fbsd-security@ursine.com) Received: from michael (lambda.ursine.com [209.133.45.69]) by quaggy.ursine.com (8.9.2/8.9.2) with ESMTP id OAA26228 for ; Sun, 23 May 1999 14:30:48 -0700 (PDT) (envelope-from fbsd-security@ursine.com) Message-ID: <199905231430560660.0E88073E@quaggy.ursine.com> In-Reply-To: <199905231424140440.0E81E3D5@quaggy.ursine.com> References: <4.2.0.37.19990522105949.0465d4a0@localhost> <4.2.0.37.19990522105949.0465d4a0@localhost> <4.2.0.37.19990523131810.04669d30@localhost> <199905231424140440.0E81E3D5@quaggy.ursine.com> X-Mailer: Calypso Version 3.00.00.13 (2) Date: Sun, 23 May 1999 14:30:56 -0700 From: "Michael Bryan" To: freebsd-security@FreeBSD.ORG Subject: Re: Denial of service attack from "imagelock.com" Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I previously wrote: > >I wrote >a letter to 'info@imagelock.com', asking that they cease and desist of >all scans of web servers in our network. Within an hour I had a >response from 'belanger@imagelock.com'. He indicated that he had >added our domain to the "do not scan" list they maintain. So he >was at least responsive, and on a Sunday to boot. > >Of course, I then pointed out to him that what I wanted was for our >entire network range to be fully bypassed by their scans, not just >our main domain. We have several hosted domains, and I don't want >to have to keep his list updated everytime we add/delete a domain. >I haven't heard back yet, but I would hope that they are capable of >blocking by IP address in addition to domain name. I got another response, again in fairly short order, indicating that this is exactly what they have done. He also gave me a phone number to call if I should ever notice their spider visiting our web sites again in the future. So they are responsive to requests to be put on their "don't scan me" list. That doesn't change the fact that their scanning methods are on the harsh side, but at least you can get them to stop scanning your network without adding another firewall rule. Michael Bryan fbsd-security@ursine.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message