Help From an Old Friend
- Added Brandeis and other friendly vhosts to the RR during student break, home page only; all sub-pages redirected to veritas2.holocaust-history.org
-
Monitored source IPs
-
Watched traffic patterns
-
tcpdump -p -n -c 100 'tcp[tcpflags] & tcp-syn != 0 and tcp dst port 80'
-
Assisted with LARTing ISPs
-
Noticed that the attacks had a null User-Agent, implemented access control based on that
BrowserMatch "^$" nouseragent=1
deny from env=nouseragent