North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Did Wanadoo, French ISP, block access to SCO?

  • From: Rubens Kuhl Jr.
  • Date: Sun Feb 01 18:27:11 2004

Just drop the DNS record, as they did... this particular worm
goes after the URL, not the IP it usually had.


*** can't find Non-existent domain


Non-authoritative answer:


----- Original Message ----- 
From: <[email protected]>
To: "Rubens Kuhl Jr." <[email protected]>
Cc: <[email protected]>; <[email protected]>
Sent: Sunday, February 01, 2004 9:09 PM
Subject: Re: Did Wanadoo, French ISP, block access to SCO?

On Sun, 01 Feb 2004 20:00:40 -0200, "Rubens Kuhl Jr." <[email protected]>
> And by blackholing that IP they've also blackholed, which
> currently not a DDoS target but is also not respondig to requests.

Umm,, I'll bite.  If and are on the same IP,
how do you create a DDoS that wouldn't take out the Caldera site as well?

A sheer-traffic DDoS will hurt both.  A synflood will hurt both.

The webserver that's listening on port 80 doesn't know which site
is being connected to until it actually reads in the HTTP/1.1 headers and
looks at the Host: tag - and if there's enough things arriving with
'Host:', it will require some *very* creative filtering/limiting
to keep one website working while the other is down....