Thread: OT Bombing attack
View Single Post
  #21   Report Post  
Old February 21st 05, 07:08 PM posted to uk.sci.weather
cupra cupra is offline
external usenet poster
  
First recorded activity by Weather-Banter: Nov 2003
Posts: 393
Default OT Bombing attack
Geoff F. wrote:
As I understand it, on Mon, 21 Feb 2005 18:53:07 +0000, cupra
reported this:

Geoff F. wrote:
As I understand it, on Mon, 21 Feb 2005 17:31:20 +0000, cupra
reported this:

Although some may see this as responding to the attacker and hence
making it worse, I've had a look and some other uk groups have
experienced attacks recently and thought I'd post my observations:

- They seem to start soon after 9am and end around 5pm.

- The attacker will be monitoring posts and modifies his/her bot
to get around message rules (keywords/message length/size etc)

- The from field seems to repeat so it may be possible to block
senders successfully to reduce the volume (although he/she may add
more)

- news.individual.net seems to quickly block messages on their
server so disruption is kept to a minimum

- the attack seems to last for 2/3 days, so expect more disruption

By the looks of it if this ng 'toughs it out' the attack will end.

p.s Does anyone know of a good filter add on for OE users?

FYI:
these are Hipcrime bots flooding the newsgroup.
http://c2.com/cgi/wiki?HipcrimeFloods

It's possible the headers are forgeries.
http://www.geocities.com/hcfaq/

Who is Hipcrime?
http://www.killfile.org/dungeon/why/hipcrime.html

HTH.

If the flood originates in the EU, is there anything the authorities
can do?

It's hard to say *where* they are originating from, & what
authorities are you referring to?

UK Police.... (*Computer misuse act ) - not sure how it covers spam, but
this seems more of a DOS attack (in that it's making the ng unusable for
some)


Reply With QuoteReply With Quote