[5727] in cryptography@c2.net mail archive
Re: KISA Attack
daemon@ATHENA.MIT.EDU (John R Levine)
Wed Sep 22 12:11:08 1999
Date: Wed, 22 Sep 1999 10:55:57 -0400 (EDT)
From: John R Levine <johnl@iecc.com>
To: Robert Hettinga <rah@shipwright.com>
Cc: cryptography@c2.net, coderpunks@toad.com
In-Reply-To: <v0421016db40e6491ac87@[204.167.101.34]>
Message-ID: <Pine.BSI.3.91.990922104947.22423I-100000@ivan.iecc.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
> For the past two days jya.com has been under attack
> by the Korea Information Security Agency
>
> http://www.kisa.or.kr
>
> which has set up (or allowed) a couple of robots to issue a
> sustained flood of requests for the same three files, one per
> second, which has nearly stopped access by others.
Am I missing something, or can't you just put a router block against their
network, 203.233.150/23 ? I realize this won't blow them off the net, but
it'll make your web server usable again.
Based on experience trying to get Korean spam relays closed, I would say
there's about a 99.5% chance that this is due to administrative ineptitude
and 0.5% that it's malice. In Korea even more than Japan I find extreme
unwillingness to receive outside trouble reports, often compounded by the
fact that I don't speak Korean or Japanese, and they don't read English
well enough to understand a report in the first place.
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
