From owner-freebsd-security Sun May 23 18:11:42 1999 Delivered-To: freebsd-security@freebsd.org Received: from Rigel.orionsys.com (rigel.orionsys.com [205.148.224.9]) by hub.freebsd.org (Postfix) with ESMTP id AB62414DA3 for ; Sun, 23 May 1999 18:11:37 -0700 (PDT) (envelope-from root@Rigel.orionsys.com) Received: from localhost (root@localhost) by Rigel.orionsys.com (8.8.8/8.8.8) with ESMTP id SAA15019; Sun, 23 May 1999 18:11:29 -0700 (PDT) (envelope-from root@Rigel.orionsys.com) Date: Sun, 23 May 1999 18:11:28 -0700 (PDT) From: David Babler To: Michael Bryan Cc: freebsd-security@FreeBSD.ORG Subject: Re: Denial of service attack from "imagelock.com" In-Reply-To: <199905231424140440.0E81E3D5@quaggy.ursine.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 23 May 1999, Michael Bryan wrote: > On 5/23/99 at 1:23 PM Brett Glass wrote: > >I don't know whether or not this would help. But complaining to their > >ISP probably would. > > Or to them directly... > > Some things I noted about their scans in our log files: > > 1) They -are- requesting a robots.txt file before every scan wave. > Whether or not they utilize this, I cannot tell, as we don't have > a robots.txt file in use at this time. They get it, and ignore it. They're just sucking up all files they see, since, as I said, I have webpoison installed. Webpoison is intended to befuddle brain-dead spam address harvesters by generating an infinite number of "interesting" pseudo-random web pages containing what look like more links (more webpoison pages) and email addresses (all bogus). The links on the page are invisible to humans and included in the robots.txt file, so legitimate robots never should go there. Our imagelock.com friends spent a LONG time there. -Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message