North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Did Wanadoo, French ISP, block access to SCO?
Just drop the www.sco.com DNS record, as they did... this particular worm goes after the URL, not the IP it usually had. >nslookup www.sco.com *** can't find www.sco.com: Non-existent domain >nslookup www.caldera.com Non-authoritative answer: Name: www.caldera.com Address: 188.8.131.52 Rubens ----- Original Message ----- From: <Valdis.Kletnieks@vt.edu> To: "Rubens Kuhl Jr." <email@example.com> Cc: <firstname.lastname@example.org>; <email@example.com> Sent: Sunday, February 01, 2004 9:09 PM Subject: Re: Did Wanadoo, French ISP, block access to SCO? On Sun, 01 Feb 2004 20:00:40 -0200, "Rubens Kuhl Jr." <firstname.lastname@example.org> said: > > And by blackholing that IP they've also blackholed www.caldera.com, which is > currently not a DDoS target but is also not respondig to requests. Umm,, I'll bite. If www.sco.com and www.caldera.com are on the same IP, how do you create a DDoS that wouldn't take out the Caldera site as well? A sheer-traffic DDoS will hurt both. A synflood will hurt both. The webserver that's listening on port 80 doesn't know which site is being connected to until it actually reads in the HTTP/1.1 headers and looks at the Host: tag - and if there's enough things arriving with 'Host: www.sco.com', it will require some *very* creative filtering/limiting to keep one website working while the other is down....