Security Incidents mailing list archives
Re: Question about HTTP DDOS attacks.
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Mon, 18 Mar 2002 07:42:47 +0100 (CET)
On Fri, 15 Mar 2002 eax () 3xT org wrote:
For the last couple days, one of our client's virtual-hosts on one of our webservers has been DDOSed with tons of HTTP requests composed of: GET / HTTP/1.1 Host: example.com
These are in fact valid request if I setup a link like: <a href="http://example.com/"> or even <a href="http://example.com"> Do you have any referrer information to disclose as well? An apache server with full referer logging would tell you this and it could lead you to the source. It may be a DDOS attack but it could as well be just a link that got typed wrong on a popular site. (Say with a link to warez software or over exposed pictures. ;-) There is no evidence this is a real attack with the information you provided yet. Hugo. -- All email send to me is bound to the rules described on my homepage. hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Question about HTTP DDOS attacks. eax (Mar 17)
- Re: Question about HTTP DDOS attacks. Hugo van der Kooij (Mar 18)
- Re: Question about HTTP DDOS attacks. Kyle R. Hofmann (Mar 18)
- Re: Question about HTTP DDOS attacks. Hugo van der Kooij (Mar 18)