Re: [cobalt-users] Hijacking of Cache Servers
- From: Rik Thomas <rikt@xxxxxxxxxxxx>
- Date: Wed Feb 23 14:19:57 2000
If you have control of your own router and by the sounds of it you do, I
wouldn't place that load on your qube because denying can cause just as
much of a drain as someone hitting your cache, I would stop it at the
router, with something like this:
ip route 111.111.111.0 255.255.255.0 Null0
Where 111... is the bad guy and the 255... is the netmask.
Maybe finding someone that can write in Japanese telling them to stop
would help too. Calling their upstream is another great solution. If you
need help with your router let me know.
And a comment concerning Cobalt, don't blame them, this has nothing to do
with the core product as it stands right now. The RAQ uses ipfwadm, help
is available in about 1000 different places. All ISPs should be very
familiar with ipfwadm and ipchains. Now should they have something like
this built in, I don't think so but Jeff's post below could easily be put
into the KB.....just be very very careful with ipfwadm, you can break your
whole cache qube.
On Wed, 23 Feb 2000, Jeff Bilicki wrote:
> I would suggest adding an ipfwadm route manually to the CacheRaQ
>
> /sbin/ipfwadm -I -a deny -W ethx -P tcp -S x.x.x.0/24 -D y.y.y.y 80
> or
> /sbin/ipfwadm -I -a reject -W ethx -P tcp -S x.x.x.0/24 -D y.y.y.y 80
>
> x.x.x.0 = The ip subnet of the offending parties (x.x.0.0/16,
> x.0.0.0/8, etc)
> y.y.y.y = The ip address of the CacheRaQ
> ethx = the ethernet interface with the external IP address
>
> Use port 80 if you are using transparent caching, 8080 if normal.
> These should be put in /etc/rc.d/init.d/cacheqube-ipfwadm.init. I'd
> use deny, because it will hang the clients trying to abuse your cache,
> reject will give them a clean fail, but that is just me.
>
> Jeff-
>
> Pete Starnes wrote:
> >
> > I've got a serious problem here and Cobalt seems unwilling to help (unless
> > of course I'm willing to pay $200 per hour for support). I have 3
> > CacheRaQs that are being hijacked by ISPs overseas...lots from Japan,
> > Russia, England...all over...are for some reason pointing their dial-in
> > clients to my cache servers. It's eating up all of my incoming and outgoing
> > bandwidth.
> >
> > Can someone please tell me how to restrict client access to only those
> > clients from within my IP ranges?
> >
> > Thanks in advance.
> >
> > Pete Starnes
> > President
> > NorthEast Texas Online, Inc.
Rik Thomas CTO rikt@xxxxxxxxxxxx
Delaware.Net, Inc. http://www.delaware.net
P:302.736.5515 F:302.736.5945 ICQ:879956
Check out our Tucows Linux Mirror
http://delaware.linux.tucows.com
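
Added example, not part of the original thread: the original question asked how to allow only clients inside the operator's own IP ranges, which is an allow-list rather than a per-offender deny. The sketch below prints (it does not apply) ipfwadm rules for review, using the same options shown in the thread. The interface name, addresses and function names are assumptions made up for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. All addresses are constructed
# documentation ranges (RFC 5737); eth0 stands in for "ethx".

# valid_cidr NET: succeed only for a.b.c.d/n, octets 0-255, n 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] 2>/dev/null || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# gen_cache_rules IFACE CACHE_IP PORT NET...
# Prints (does not run) one accept rule per allowed range, then a
# catch-all deny. ipfwadm uses the first matching rule, so order matters.
gen_cache_rules() {
    if [ $# -lt 4 ]; then
        echo "usage: gen_cache_rules IFACE CACHE_IP PORT NET..." >&2
        return 1
    fi
    iface=$1; cache_ip=$2; port=$3; shift 3
    # Validate everything first so a typo never yields a partial ruleset
    # (a lone deny-all would cut off every client).
    for net in "$@"; do
        valid_cidr "$net" || { echo "bad range: $net" >&2; return 1; }
    done
    for net in "$@"; do
        echo "/sbin/ipfwadm -I -a accept -W $iface -P tcp -S $net -D $cache_ip $port"
    done
    echo "/sbin/ipfwadm -I -a deny -W $iface -P tcp -S 0.0.0.0/0 -D $cache_ip $port"
}

# Port 80 for transparent caching, 8080 otherwise (per the thread).
gen_cache_rules eth0 192.0.2.10 80 198.51.100.0/24 203.0.113.0/25
```

Review the printed rules before adding them to the init script named in the thread, since a wrong allow-list locks out legitimate clients.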