Message-ID: <AEEAKGKHCDMLEHCOGIBCAEFLCDAA.list.fulldisclosure@webscreen-technology.com>
From: list.fulldisclosure at webscreen-technology.com (Gareth Blades)
Subject: Attack profiling tool?
Our product detected the attack as a 'connection flood' which is basically
where you open up lots of connections to a server and leave them idle. This
causes the server to have lots of open connections so that it reaches its
maximum connection limit and therefore nobody else can access the site
resulting in denial of service.
A common tool for this is called naptha but what we are seeing is not
consistent with this tool because as soon as the connection limit is reached
all the connections are then closed. Naptha would keep them all open and
regularly keep trying to open new ones.
Our product monitors the connections to the site and when it begins to reach
its limit denies new connections from clients which have more connections
open than they should/normally would.
> -----Original Message-----
> From: daniel_clemens@...mingham-infragard.org
> [mailto:daniel_clemens@...mingham-infragard.org]On Behalf Of daniel
> uriah clemens
> Sent: Thursday, July 10, 2003 12:47
> To: Gareth Blades
> Cc: Fulldisclosure
> Subject: Re: [Full-Disclosure] Attack profiling tool?
>
>
> > I have seen this a number of times from various IP addresses and it is
> > always exactly the same. Our product which detected this prevents against
> > these types of attacks anyway so it is not a problem but I was wondering if
> > it is a particular attack tool going round the Internet profiling different
> > sites to see how many connections they support.
>
> Out of curiosity to possibly reclarify your definition of an attack...
> What type of attacks do these more than 3 connections fall into?
>
> -Daniel Uriah Clemens
>
> Esse quam videra
> (to be, rather than to appear)
> http://www.birmingham-infragard.org | 2053284200
> fingerprint: EDF0 6566 2A4A 220E 5760 EA1F 0424 6DF6 F662 F5BD
>
>
>
>
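The admission rule described in the message above (deny new connections from clients holding more than their normal share once the site nears its limit), sketched as an added example that is not part of the original post or the vendor's product code. The class name, thresholds and addresses are constructed assumptions.

```python
from collections import Counter


class ConnectionGate:
    """Hypothetical gate: per-client limits apply only when the server is under pressure."""

    def __init__(self, max_connections, pressure_ratio=0.75, per_client_normal=4):
        self.max_connections = max_connections
        # Total open connections at which per-client enforcement begins (assumed ratio).
        self.pressure_at = int(max_connections * pressure_ratio)
        # Assumed number of connections an ordinary client would hold at once.
        self.per_client_normal = per_client_normal
        self.open = Counter()

    @property
    def total(self):
        return sum(self.open.values())

    def try_open(self, client):
        total = self.total
        if total >= self.max_connections:
            return False  # server is full: nobody can be admitted
        if total >= self.pressure_at and self.open[client] >= self.per_client_normal:
            return False  # near the limit: refuse clients holding more than normal
        self.open[client] += 1
        return True

    def close(self, client):
        if self.open[client] > 1:
            self.open[client] -= 1
        else:
            del self.open[client]  # Counter ignores deletion of a missing key


def simulate():
    """Constructed scenario: one client floods idle connections, then visitors arrive."""
    gate = ConnectionGate(max_connections=20, pressure_ratio=0.75, per_client_normal=4)
    flooder = "203.0.113.9"  # constructed documentation address
    flood_admitted = sum(gate.try_open(flooder) for _ in range(30))
    visitors = [f"198.51.100.{i}" for i in range(1, 6)]  # constructed addresses
    visitors_admitted = sum(gate.try_open(v) for v in visitors)
    return flood_admitted, visitors_admitted, gate.total


if __name__ == "__main__":
    print(simulate())
```

The flooding client is cut off at the pressure threshold, which leaves the remaining headroom for clients holding a normal number of connections.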