On Wed, 24 Sep 2003 12:20:25 -0700, Juan Lorenzana <juan@itwest.net> wrote:
Tom,
So do you think this is a DoS attack? I have seen DoS attacks before but I have never seen one that uses over 2,000 machines. I do not think that the packets are spoofed, because 1) I can ping them, 2) they appear to primarily originate from about 8 different countries only, 3) if I stop the server (I did that for one full day), they keep going even after a day; most DoS attacks stop when the system crashes or stops responding.
Anyway, if it is not related to Zope, what do you think this flood is related to? And why from all over the world? The attack started September 15 and the customer has no idea why they would single out his site. Pretty low volume site. This system is on a shared hosting machine, and the attacks are only focused on this one customer and not the whole machine.
Any thoughts?
Some interesting thoughts here: http://cert.uni-stuttgart.de/archive/intrusions/2002/11/msg00090.html
Phil