


http://www.darkreading.com/document.asp?doc_id=149497



By Kelly Jackson Higgins

Senior Editor

Dark Reading

MARCH 28, 2008



Security watchdog site CastleCops is currently under yet another
distributed denial-of-service (DDOS) attack. The anti-spam, anti-malware
site manned by volunteers has been under siege from waves of botnet
traffic since Wednesday.



CastleCops is no stranger to DDOS attacks -- it gets hit regularly, with
its most recent attack back in August -- but this one took a different
spin on an old trick.



"Typically, attacks involve some sort of HTTP GET, but this one seems to
include a POST instead," says Paul Laudanski, founder and administrator
for the CastleCops site, who says he first detected the attack on
Wednesday morning after noticing some performance problems with the
site.



He initially witnessed a rise in the server load and a pattern in the
server logs that indicated a DDOS, he says.



The attack hasn't taken down the site, but is causing occasional
connectivity problems for visitors. "It appears we've attracted some
fresh bots, too," Laudanski says.



"Apache has been saturated a few times already, necessitating manual
httpd restarts, while ensuring bots are filtered," he says.



CastleCops, like other anti-spam and anti-cybercrime sites including
Spamhaus, has been an obvious target for disgruntled bad guys due to its
community-based efforts to investigate malware and phishing attacks, as
well as its collaboration with other researchers and law enforcement.



"I think the question is: When isn't CastleCops under DDOS attack? They
are constantly being hit," says Alex Eckelberry, CEO of Sunbelt Software.



To mitigate the DDOS attack, CastleCops has been filtering traffic based
on the attack fingerprint, according to Laudanski, and posting the
offending IP addresses, which has kept the attack from crippling the
site. And one member of the CastleCops community noted on the site's
message board that the attack indicates that CastleCops has struck a
nerve with the dark side.



"We have been rattling a lot of cages lately and to me, this DDOS shows
we are on the right track," writes "Ernstl."




