Subject:
|
Re: NNTP is working (mostly)
|
Newsgroups:
|
lugnet.admin.nntp
|
Date:
|
Thu, 25 Sep 2003 18:01:50 GMT
|
Viewed:
|
2913 times
|
| |
|
|
In lugnet.admin.nntp, Todd Lehman wrote:
> In lugnet.admin.nntp, Ray Sanders wrote:
> > Just a passing idea.. setting up a tarpit to mimmic the NNTP server, then
> > sending the misbehaving traffic there rather than blocking it. That might
> > slow down the offending servers to such a point that they back off.
>
> Yup, started doing that Monday evening. It worked quite well for a while,
> until the author of the attacks discovered the tarpit behavior and adapted.
>
> --Todd
Cool. One person posting over on BL suggested that the attack might be a generic
SWEN attack looking to gather email addresses for other neferious purposes. One
site[1] has chossen to move the NNTP port to 1119 temporarily until such time as
the attacks back off. One possible avenue would be to do so and announce the
move via the web interface. OTOH, if this is a directed attack against LUGNET,
then it might be most interesting to identify who and why.
Ray
[1] http://www.sff.net/maintenance.asp
|
|
Message is in Reply To:
 | | Re: NNTP is working (mostly)
|
| (...) Yup, started doing that Monday evening. It worked quite well for a while, until the author of the attacks discovered the tarpit behavior and adapted. --Todd (21 years ago, 24-Sep-03, to lugnet.admin.nntp)
|
13 Messages in This Thread:
 
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
