[118221] in Cypherpunks
Re: KISA Attack
daemon@ATHENA.MIT.EDU (Bill Stewart)
Wed Sep 22 06:58:09 1999
Message-Id: <3.0.5.32.19990922033817.009ad590@idiom.com>
Date: Wed, 22 Sep 1999 03:38:17 -0700
To: John Young <jya@pipeline.com>, cypherpunks@cyberpass.net
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <199909220936.FAA05047@smtp5.mindspring.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Reply-To: Bill Stewart <bill.stewart@pobox.com>
At 05:25 AM 09/22/1999 -0400, John Young wrote:
>For the past two days jya.com has been under attack
>by the Korea Information Security Agency
> http://www.kisa.or.kr
>which has set up (or allowed) a couple of robots to issue a
>sustained flood of requests for the same three files, one per
>second, which has nearly stopped access by others.
You could ask your ISP to block access from their IP address,
or alternatively ask your web hosting provider to block
access from their IP or domain. A few requests per second
shouldn't cause too much load as long as you're rejecting them.
>We've written the <webmaster@kisa.or.kr> to no effect.
>The phone listed at the KISA web site does not answer.
>A robot exclusion file has not worked.
Their site claims to have a couple of projects for preventing
this kind of attack - perhaps they've been hacked,
or perhaps they're trying out their stuff :-)
Each project their seems to have a different phone number;
perhaps somebody is home and speaks English.
>Any suggestions for ways to ebola the invaders? We filed
>criminal charges with the international cybercrimes tribunal
>but do not expect rapid deployment of their cooping cops --
>spooned with KISA's.
Most well-run ISPs block the Ping of Death and SYN-flood attacks,
so it's difficult to send those across the world.
I don't know how many of the script kiddies read alt.2600 these days,
but reposting the KISA folks's web site with a "these guys think
they're really hot security adminstrators" should be an attractive nuisance.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
