| | Re: NNTP is working (mostly)
|
|
(...) Just a passing idea.. setting up a tarpit to mimmic the NNTP server, then sending the misbehaving traffic there rather than blocking it. That might slow down the offending servers to such a point that they back off. Ray (21 years ago, 24-Sep-03, to lugnet.admin.nntp)
|
|
| | Re: NNTP is working (mostly)
|
|
(...) Yup, started doing that Monday evening. It worked quite well for a while, until the author of the attacks discovered the tarpit behavior and adapted. --Todd (21 years ago, 24-Sep-03, to lugnet.admin.nntp)
|
|
| | Re: NNTP is working (mostly)
|
|
(...) Cool. One person posting over on BL suggested that the attack might be a generic SWEN attack looking to gather email addresses for other neferious purposes. One site[1] has chossen to move the NNTP port to 1119 temporarily until such time as (...) (21 years ago, 25-Sep-03, to lugnet.admin.nntp)
|
|
| | Re: NNTP is working (mostly)
|
|
(...) Todd, pardon my ignorance, but is this a DoS aimed at Lugnet specifically, or a more generic NNTP attack? who would want to pester Lugnet? Chris (21 years ago, 25-Sep-03, to lugnet.admin.nntp)
|
|
| | Re: NNTP is working (mostly)
|
|
(...) Adapted you say, could this be the BORG !!! (:-)) (21 years ago, 25-Sep-03, to lugnet.admin.nntp)
|
|
| | (canceled)
|
|
|
|
| | Please cancel my last message.
|
|
Todd, Could you cancel my previous message to this group? I was grumpy from lugnet withdrawl and posted without thinking first. Don (21 years ago, 25-Sep-03, to lugnet.admin.nntp)
|
|
| | Re: NNTP is working (mostly)
|
|
(...) Hard to know for sure. More and more, it's seeming like the former rather than the latter. Early on, the attacks all consisted of commands to repeatedly list the contents of known existing newsgroups on this server, which made it seem (...) (21 years ago, 25-Sep-03, to lugnet.admin.nntp)
|