Security Incidents mailing list archives
Re: DOS ATTACK
From: "james" <jamesh () cybermesa com>
Date: Wed, 30 Oct 2002 00:17:01 -0700
----- Original Message ----- From: "Black, Braden" <BBlack () VSCat com> To: <Jim.Hunt () nwsc k12 in us> Cc: <Incidents () securityfocus com> Sent: Tuesday, October 29, 2002 8:41 AM Subject: RE: DOS ATTACK
Your friend might want to look at Hogwash
(http://hogwash.sourceforge.net/).
Set it up on a box upstream of the web server, and configure it to send a reset for any HTTP request that includes a referrer of the attacker's
site. Snort itself will do this with the Flex Resp plug-in. A rule that keys on the specific content indicating this referal can call on Flex Resp to send a spoofed RST's to both sides of the connection; ICMP <whatever> unreachables can also be sent. Flex Resp is based on the LibNet packet writing library. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: DOS ATTACK, (continued)
- Re: DOS ATTACK Gary Flynn (Oct 30)
- Re: DOS ATTACK Kurt Seifried (Oct 31)
- Re: DOS ATTACK Jay D. Dyson (Oct 31)
- Re: DOS ATTACK Gary Flynn (Oct 31)
- Re: DOS ATTACK Gary Flynn (Oct 30)
- Re: DOS ATTACK Richard Archer (Oct 29)
- RE: DOS ATTACK David Vincent (Oct 28)
- RE: DOS ATTACK McCammon, Keith (Oct 28)
- RE: DOS ATTACK Rob Keown (Oct 28)
- RE: DOS ATTACK Muhammad Faisal Rauf Danka (Oct 28)
- RE: DOS ATTACK Black, Braden (Oct 29)
- Re: DOS ATTACK james (Oct 30)
- RE: DOS ATTACK McCammon, Keith (Oct 31)