Subject:
|
Re: NNTP is working (mostly)
|
Newsgroups:
|
lugnet.admin.nntp
|
Date:
|
Thu, 25 Sep 2003 20:41:31 GMT
|
Viewed:
|
3581 times
|
| |
|
|
In lugnet.admin.nntp, Chris Magno wrote:
> Todd,
> pardon my ignorance, but is this a DoS aimed at Lugnet specifically, or a
> more generic NNTP attack?
Hard to know for sure. More and more, it's seeming like the former rather than
the latter. Early on, the attacks all consisted of commands to repeatedly
list the contents of known existing newsgroups on this server, which made it
seem specially tailored. More recently, the requests have attempted to list
the contents of apparently random newsgroups not carried here (but recognizable
newsgroup names from Usenet). This seems to suggest possibly a more widespread
DDoS attack rather than one specially tailored.
I think we'll have a much better idea in 24 hours. Port 119 has been disabled
as an NNTP port, but the alternate ports (1119, 8000, 8080) are still active.
If this is a specifically aimed DDoS attack, then we should expect to see the
attacks adapt and begin hammering the alternate ports instead. Otherwise, it
suggests that this was a widespread DDoS attacking NNTP servers at random.
Evidence suggested elsewhere on this thread also corroborates that theory.
(My thanks to whomever it was who mentioned the sff.net site.)
--Todd
|
|
Message is in Reply To:
 | | Re: NNTP is working (mostly)
|
| (...) Todd, pardon my ignorance, but is this a DoS aimed at Lugnet specifically, or a more generic NNTP attack? who would want to pester Lugnet? Chris (21 years ago, 25-Sep-03, to lugnet.admin.nntp)
|
13 Messages in This Thread:
 
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
