| Calling all UFie sysadmins |
by Kickstart |
2003-03-18 17:38:40 |
Almost 3.5 days of Denial of Service attacks...I'm getting pretty tired and seek advice.
Someone out there appears to be exploiting vulnerabilities on Win2k and WinNT, especially the recent one in IIS 5.0. They are using this vulnerability to do distributed Denial of Service attacks on my company's biggest client...hcareers.com.
We can't drop the incoming packets from these compromised machines, since there is no point...the incoming packets are filling the pipe anyway, and the server park host shuts the connection to our servers down before the bandwidth charges overwhelm the client financially and the bandwidth use affects their other clients.
Basically, as long as these machines are compromised, we're screwed. We can't stop the attacker in any other way. Because he is using other machines on (mostly) cable and ADSL networks that are not likely to track connections and usage, he is effectively not traceable.
If you've got any clues as to what we can do to stop this before a lone hacker puts the client out of business (which would likely put me out of a job), I'd appreciate the info.
If you've got nothing else, a word of sympathy would be lovely. :(
Thanks,
Kickstart
PS. I'll be back here in a couple hours to answer posts to this thread. |
|
If the server's been 'compromised' | by kahuana | 2003-03-18 17:45:26 |
|
Ohhh... That sucks. | by mswebchik | 2003-03-18 17:45:35 |
|
Start contacting the other networks anyway, | by Arcanum | 2003-03-18 17:47:20 |
|
Man, that's tough... | by IByte | 2003-03-18 17:51:03 |
|
(((((((((((Kickstart))))))))))))) | by GeekPrincess | 2003-03-18 17:56:45 |
|
My knowledge of DDoS attacks wouldn't | by Nea | 2003-03-18 17:58:36 |
|
Nothing helpful | by Lady-Luna | 2003-03-18 18:00:22 |
|
What type of traffic is it? | by vyrus | 2003-03-18 18:00:57 |
|
Port 80, unfortunately. (n/t) | by Kickstart | 2003-03-18 22:14:01 |
|
Well, is this just aimed at your client, or is it | by Adiplomat | 2003-03-18 18:04:12 |
|
Did he write ZoneAlarm? | by LionsPhil | 2003-03-18 18:22:53 |
|
As far as I know, he didn't | by Freakazoid | 2003-03-18 18:29:15 |
|
Yeah, | by LionsPhil | 2003-03-18 18:31:18 |
|
I've actually had a chance to use spinrite | by Freakazoid | 2003-03-18 18:34:49 |
|
Blimey. | by LionsPhil | 2003-03-18 18:38:02 |
|
I was surprised also... | by Freakazoid | 2003-03-18 18:43:32 |
|
{{{Kickstart}}}} | by Arienadean | 2003-03-18 18:07:22 |
|
If you want linkage to GRC's article, | by LionsPhil | 2006-11-19 12:55:59 |
|
Hmm | by Reddy | 2003-03-18 18:09:55 |
|
Check your U.F. e-mail | by desertrat66 | 2003-03-18 18:34:53 |
|
Linkage on this sort of problem | by desertrat66 | 2006-11-19 12:55:59 |
|
Make calls... | by imperito | 2003-03-18 19:01:15 |
|
here I think the law says | by Arienadean | 2003-03-18 19:22:07 |
|
Call your upstream provider | by wiseguy586 | 2003-03-18 20:35:51 |