From the RISKs journal : http://catless.ncl.ac.uk/Risks/21.58.html
I wonder what is going on here...
Date: Thu, 2 Aug 2001 20:06:05 -0400
From: Dug Song <dugsong@arbor.net>
Subject: DoCoMo and thttpd: i-mode DDoS attack!
Poor jef has become the victim of his own success (and DoCoMo's)!
Perhaps this qualifies as the first cellphone-based (i-mode)
distributed denial-of-service attack? :-/
Dug Song, Security Architect, Arbor Networks, Inc.
Date: Thu, 02 Aug 2001 11:22:14 -0700
>From: Jef Poskanzer <jef@acme.com>
To: thttpd@bomb.acme.com
Subject: [THTTPD] DoCoMo and thttpd
Hey, is anyone on the list familiar with DoCoMo? Apparently it's a type
of cell-phone / web browser device from Japan. I have suddenly started
getting a [whole] lot of hits to http://www.acme.com/software/thttpd/ with
various versions of DoCoMo in the user-agent field. Unfortunately the
referrer field is blank, which makes it difficult to figure out why this
is
happening. Current working theory is that some server run by the DoCoMo
company switched over to using thttpd, and I'm getting the usual spillover
from any 404 pages on their site. I've seen this effect before with large
ISPs, but never with such a high volume of hits. My bandwidth is pegged
to the throttle right now, and they're not even fetching the inline images
(which by the way means I'm not getting any ad impressions from these
hits, which is somewhat annoying). [...]
Jef Poskanzer jef_at_acme.com http://www.acme.com/jef/
------------------------------
[ Need archives? How to unsubscribe? http://www.appelsiini.net/keitai-l/ ]
Received on Fri Aug 10 04:03:17 2001