Yes! We have been hit with a DoS!
- 2003-02-25 07:39:25
I'm sure many of you noticed that we lost web services for SlithyToves.ORG and all of the hosted sites here. The reason? We were hit with what amounted to a Denial of Service attack. Some spammer company was attempting to relay sendmail through our Apache server, about 8000 times in a one-hour span. Proxy was turned off, so our home page was displayed.
This poor little Pentium II 450 MHz machine's load went from 0.01 to 60+. I noticed that 2 IPs were slamming us (66.28.240.119, 66.28.240.117). I contacted abuse@cogentco.com and, after providing some logs, got this response:
Hello Kurt,
I have contacted our customer who these IPs are assigned to their network.
If this is continuing to affect your network please contact your ISP and
have them try to filter it or have them track it to our peer with them.
Normally they can filter this type of traffic out. In the meanwhile if we do
not hear back from our customer in a reasonable amount of time we will go
ahead and null route the offending IP addresses. Please let me know if this
issue continues.
Thanks,
Dave Harlow
Cogent Communications
Network Abuse
http://Cogentco.com/policy
Which is all well and good, but why would it ever be up to our ISP to filter them out when they have someone running amok?
At any rate, I installed iptables and just blocked those 2 IPs entirely. We were down for about 2 or 3 hours while I was trying to sort things out. I had initially thought that it was some software upgrades I had done over the weekend, or a misconfigured Apache configuration file.
After some more investigation, it's some online medical spam group that sells Viagra. I haven't been one to rail against spammers all that much. I mean, it's pretty trivial for me to write some filter rules on my email and ignore the 40+ I get per day. But after yesterday, I was pretty hot. Spam if you want, but do it from your OWN machine. Good grief.
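The triage described in this post, as an added example that is not the author's own tooling: it counts proxy-style requests (CONNECT, or an absolute URL as the request target) per client IP per clock hour in an Apache access log and builds the iptables drop rules for the heavy hitters. The log lines, addresses, host names and threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache common/combined log prefix: client, identd, user, [timestamp], "request".
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')

# Constructed sample lines (documentation address ranges, hypothetical mail host).
SAMPLE = (
    ['192.0.2.10 - - [25/Feb/2003:06:%02d:00 -0800] "CONNECT mail.example.net:25 HTTP/1.0" 200 5120' % m for m in range(5)]
    + ['192.0.2.11 - - [25/Feb/2003:06:%02d:30 -0800] "POST http://mail.example.net:25/ HTTP/1.0" 200 5120' % m for m in range(4)]
    + ['198.51.100.7 - - [25/Feb/2003:06:15:00 -0800] "GET /index.html HTTP/1.1" 200 5120',
       '198.51.100.8 - - [25/Feb/2003:06:16:00 -0800] "CONNECT mail.example.net:25 HTTP/1.0" 200 5120']
)

def is_proxy_attempt(request_line):
    """True for requests that only make sense against a forward proxy:
    CONNECT host:port, or any method with an absolute-URI target."""
    parts = request_line.split()
    if len(parts) < 2:
        return False
    method, target = parts[0].upper(), parts[1].lower()
    return method == "CONNECT" or target.startswith(("http://", "https://"))

def heavy_proxy_abusers(lines, threshold):
    """Count proxy-style requests per (client, clock hour); return the sorted
    clients that reach `threshold` within any single hour."""
    per_hour = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_proxy_attempt(m.group(3)):
            continue
        hour = m.group(2)[:14]  # "25/Feb/2003:06" = day plus hour
        per_hour[(m.group(1), hour)] += 1
    return sorted({ip for (ip, _), n in per_hour.items() if n >= threshold})

def drop_rules(ips):
    """iptables commands dropping all traffic from each IPv4 source."""
    rules = []
    for ip in ips:
        addr = ipaddress.IPv4Address(ip)  # ValueError on anything but an IPv4 literal
        rules.append(f"iptables -A INPUT -s {addr} -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(drop_rules(heavy_proxy_abusers(SAMPLE, threshold=4))))
```

The IPv4 check matters because the client field comes straight from the log and may hold a hostname when lookups are enabled; only validated literals end up in a firewall command.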