[Gllug] Coordinated attacks ... how?

Rev Simon Rumble simon at rumble.net
Thu May 13 09:36:17 UTC 2004


This one time, at band camp, Richard Jones wrote:

> But why do these attacks come in groups from different IP addresses?
> I could understand one machine, or perhaps one infected bot sitting
> there at a single IP address trying to submit forms.  But this attack
> is 8 requests in a short space of time from 5 widely different IP
> addresses.  How is this?  Is there some sort of coordinated botnet at
> work here?

Almost certainly.

Have a look at this:
http://www.google.co.uk/search?q=eggdrop&hl=en&btnG=Google+Search&meta=

> [And if they go to this much trouble, why can't they write
> an exploit script which isn't trivially defeated??]

Because they're mostly script kiddies.  They run other peoples' code
that they find online, not write their own.  And, besides, there are
enough poorly configured machines out their that Social Darwinism
hasn't kicked in yet to force them to evolve something better.

-- 
Rev Simon Rumble <simon at rumble.net>
www.rumble.net

Why sir, there is every possibility that you will soon be
able to tax it! 

- Michael Faraday 1791-1867: to Gladstone, when asked about
the usefulness of electricity
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list