Dan Hollis wrote:
On Fri, 10 Mar 2000, Scott Solmonson wrote:
Dan Hollis wrote:
I was thinking the exact same thing. The DoS'er would end up DoS'ing themselves. Since when does "same source address" mean "same client"? Ya- start redirecting everyone to an AOL proxy...
Referrer != forwarded-for.
Correct. And even that simple snippet of code spits out *no* referrer tag for you to filter on. So I was assuming you meant source IP.
When we are talking about redirecting, we are talking about redirecting to the DoS'ers page. Not their client.
So you would redirect them *where*? My (I'm running my auto-refresher) "page", what ever that is? Or the <DoS-tool-maker>'s page?
And all these depend on being able to identify "authentic" users-
Nope
Huh? - If you're going to redirect someone, you first need to identify them as "bad".
Huh? The client is netscape or IE. I dont know of any way for javascript to override the headers the browser client sends.
Not necessarily- their site stated that a custom client was in the works- We all know a perl script wrapped around netcat would do nicely. -- Scott Solmonson Speedera Networks Inc. -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* scosol@speedera.com / 408.970.1591