Webnazis R Us

David A. Bandel david
Mon May 17 11:48:50 PDT 2004


On Tue, 1 Jul 2003 09:46:41 -0700
Bill Campbell <linux-sxs at celestial.com> wrote:

[snip]

> 
> On the other hand, there are serious problems with open relays and
> open proxies on major cable providers such as Comcast, Road Runner, et
> al caused by clueless folks who just plug in their Windows viruses
> directly.  The ``Code Red'' and ``Nimda'' worms propagated through open
> IIS servers, and a huge percentage of these I saw in our logs were
> from these same broadband cable networks.
> 
> Some responsible cable companies blocked port 80 to their customers'
> sites in response to the ``Code Red'' attacks which cut the volume
> down dramatically.
> 
[snip]

We had a little debate going over Internet Service Deniers on the
ISP-Linux list.  A number of ISPs supported denying outgoing ports
(mostly 25).  While I don't like some traffic, denying ports is not the
way to stop this nonsense.

For those of you who want to seriously slow the problem down, check out
the tarpit (a la LaBrea) patch to iptables/netfilter.  Using this can
cause a system to hang for up to 25 minutes while hitting ports of yours
they shouldn't.  Just put this on port 80 of several internet connected
hosts that don't provide web service and you can seriously slow down
attacks against your network. Caution: many hits can cause the server
doing this serious memory distress as all these connections are tracked,
so make your tar baby one that isn't in heavy production.

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
		Nemesis Racing Team motto
GPG key autoresponder:  mailto:david_key at pananix.com
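
The tarpit setup described in the message above, as an added example that is not part of the original post. It assumes the TARPIT target as shipped today in xtables-addons; the function names are hypothetical. It prints the rules rather than applying them, and pairs each TARPIT rule with a raw-table rule that bypasses connection tracking, which addresses the memory caution in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the TARPIT target
# from xtables-addons is installed. Rules are printed, not applied:
# review the output, then run it as root on a host that does NOT
# serve the listed ports.

# valid_port PORT -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# tarpit_rules PORT... -> prints two iptables commands per port
tarpit_rules() {
    for port in "$@"; do
        if ! valid_port "$port"; then
            echo "tarpit_rules: bad port '$port'" >&2
            return 1
        fi
        # The raw table is traversed before conntrack. Marking these
        # packets untracked keeps held connections out of the conntrack
        # table, so a flood of tarpitted peers does not exhaust memory.
        echo "iptables -t raw -A PREROUTING -p tcp --dport $port -j CT --notrack"
        # TARPIT completes the handshake, then advertises a zero window
        # so the remote side stays stuck until its own timers give up.
        echo "iptables -A INPUT -p tcp --dport $port -j TARPIT"
    done
}

# Constructed usage: decoy host with no web service on port 80.
tarpit_rules 80
```
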