
Hostile webserver attack!!!!

From: Erez Levin <erezl@dingo.co.il>
Date: Tue, 24 Dec 1996 13:55:26 -0800
Message-Id: <32C0514E.C4D@dingo.co.il>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/2177

Dear readers,

Here is a summary of an article published in our local nigh newspaper
regarding a security breach:

"Webcom Webserver has suffered a major attack on its web site.  This
attack took their main webserver off the air for 40 hours!!!!

The attacking method is the "SYN-flood" which allows bombing of the site
with messages rating up to 200 messages per second.  Sending messages
using "SYN-flood" the user does not send a real IP address and the web
server keeps on searching for the remote user to send the answer to.
Overloading the web server with so many false messages did not allow the
"real" messages to get through and overloaded the Machine's memory.

It seems that two Hackers magazines have published the source code and
now any webserver in the world is open to such an attack."

(Summarised from "Globes"  http://www.globes.co.il Israel financial
magazine, Hi-Tech section, Tuesday edition).

Are any of you guys familiar with this "SYN-flood" bombing method?  Does
anyone know how you can locate these suspects and place them under a
"black list" of forbidden sites?

Erez Levin
R&D manager

D     D    II   NNNN    NN   GG         OO   OO
D      D   II   NN NN   NN  GG         OO     OO
D      D   II   NN  NN  NN  GG  GGGG   OO     OO  Infosystems
D     D    II   NN   NN NN   GG  GG     OO   OO

Email: erezl@dingo.co.il
Our site: http://www.dingo.co.il
Received on Tuesday, 24 December 1996 03:58:32 UTC
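
An added example, not part of the original message: a small Python model of the half-open connection queue behind the behaviour the quoted article describes, showing why real connections stop getting through at 200 spoofed SYNs per second. The queue size, timer values and legitimate-traffic rate are assumptions chosen for illustration; only the 200 per second figure comes from the message.

```python
from collections import deque

def arrivals(rate_per_s, duration_s, spoofed, offset_ms=0):
    """Evenly spaced SYN arrival times in ms, tagged spoofed or real."""
    if rate_per_s == 0:
        return []
    return [(t, spoofed) for t in range(offset_ms, duration_s * 1000, 1000 // rate_per_s)]

def simulate(backlog, syn_timeout_ms, flood_rate, legit_rate=10, duration_s=60):
    """Return (legit_attempts, legit_accepted) for one listening socket.

    Model assumptions: a fixed-size half-open queue; a spoofed SYN holds a slot
    until its timer expires, because the SYN-ACK goes to an address that never
    answers; a real client completes the handshake at once and holds no slot.
    """
    events = sorted(arrivals(flood_rate, duration_s, True)
                    + arrivals(legit_rate, duration_s, False, offset_ms=50))
    half_open = deque()          # expiry times of pending spoofed entries, oldest first
    attempts = accepted = 0
    for now, spoofed in events:
        while half_open and half_open[0] <= now:
            half_open.popleft()  # timer ran out, slot is free again
        has_room = len(half_open) < backlog
        if spoofed:
            if has_room:
                half_open.append(now + syn_timeout_ms)
        else:
            attempts += 1
            accepted += has_room  # a full queue means the real SYN is dropped
    return attempts, accepted

if __name__ == "__main__":
    # Constructed scenarios; only the 200 SYN/s flood rate comes from the message.
    for label, args in [
        ("no flood", (128, 75_000, 0)),
        ("flood, 75 s timer", (128, 75_000, 200)),
        ("flood, 0.5 s timer", (128, 500, 200)),
    ]:
        attempts, accepted = simulate(*args)
        print(f"{label:20s} {accepted}/{attempts} real connections accepted")
```

In this model the queue fills in under a second and stays full for the rest of the minute, while a half-open timer short enough to keep the pending count below the queue size lets every real connection through.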
