[67061] in North American Network Operators' Group
Re: Did Wanadoo, French ISP, block access to SCO?
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sun Feb 1 18:12:39 2004
To: "Rubens Kuhl Jr." <rubens@email.com>
Cc: hackerwacker@cybermesa.com, nanog@merit.edu
In-Reply-To: Your message of "Sun, 01 Feb 2004 20:00:40 -0200."
<08f201c3e90e$d5da8df0$020ba8c0@NOTEBOOK>
From: Valdis.Kletnieks@vt.edu
Date: Sun, 01 Feb 2004 18:09:55 -0500
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_318341051P
Content-Type: text/plain; charset=us-ascii
On Sun, 01 Feb 2004 20:00:40 -0200, "Rubens Kuhl Jr." <rubens@email.com> said:
>
> And by blackholing that IP they've also blackholed www.caldera.com, which is
> currently not a DDoS target but is also not respondig to requests.
Umm,, I'll bite. If www.sco.com and www.caldera.com are on the same IP,
how do you create a DDoS that wouldn't take out the Caldera site as well?
A sheer-traffic DDoS will hurt both. A synflood will hurt both.
The webserver that's listening on port 80 doesn't know which site
is being connected to until it actually reads in the HTTP/1.1 headers and
looks at the Host: tag - and if there's enough things arriving with
'Host: www.sco.com', it will require some *very* creative filtering/limiting
to keep one website working while the other is down....
--==_Exmh_318341051P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFAHYdDcC3lWbTT17ARAhcSAJ97dmWetYl8mJcN/sMGEzO4Re7eogCg/IRb
ld6/rahbIE+0toXJVeyZPcc=
=MGc+
-----END PGP SIGNATURE-----
--==_Exmh_318341051P--
