From owner-freebsd-security Sun May 23 23:39:34 1999 Delivered-To: freebsd-security@freebsd.org Received: from phk.freebsd.dk (phk.freebsd.dk [212.242.40.153]) by hub.freebsd.org (Postfix) with ESMTP id BE48D15242 for ; Sun, 23 May 1999 23:39:31 -0700 (PDT) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by phk.freebsd.dk (8.9.1/8.8.8) with ESMTP id IAA02806; Mon, 24 May 1999 08:39:30 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id IAA11148; Mon, 24 May 1999 08:39:26 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: Michael Richards <026809r@dragon.acadiau.ca> Cc: Brett Glass , freebsd-security@FreeBSD.ORG Subject: Re: Denial of service attack from "imagelock.com" In-reply-to: Your message of "Mon, 24 May 1999 02:00:12 -0300." Date: Mon, 24 May 1999 08:39:26 +0200 Message-ID: <11146.927527966@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message , Michael Richards writes: >On Sun, 23 May 1999, Brett Glass wrote: > >> The Webmasters on this list may want to look over their logs to see >> if they've been hit and not known it. grep your logs for imagelock.com; >> if you find that they're abusing your server, you may want to firewall >I noticed we were hit by them this evening. 1250 requests in a few >minutes. Since we're not running a firewall, is there a recommended method >of filtering such people out? I think I did it with apache, but I'm >wondering if there is a better method. Add a blackhole route to them: route add -net -netmask 127.0.0.1 -blackhole -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message