Attacker Data / Wall of Shame

Interesting data.

Do you filter or identify spoofed IP addresses?

Also, any data collected on more direct DoS attacks?

Thanks.
Rajesh.

"--- begin message from Daniel Senie ---"

Interesting data.

Do you filter or identify spoofed IP addresses?

We block packets with source addresses which are obviously bogus (see recent IANA RFC for the list). Past that, note that these data are all derived from analysis of HTTP GET requests, which means the TCP 3-way handshake has completed and data has flowed before we detect the nature of the request/attack.

Also, any data collected on more direct DoS attacks?

We do collect a variety of data on other attacks, but this particular system was set up to catalog (and eventually blackhole) DoS attacks affecting our web servers. The Slapper attack, for example, goes after OpenSSL and chews a significant amount of CPU time on the servers.
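An added example, not part of the original message or the system it describes: a sketch of cataloguing attack sources from completed HTTP GET requests in a web server access log, while keeping reserved source addresses out of the catalog. The log format, the `BOGONS` subset, the `SIGNATURES` table and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed subset of reserved source ranges; the list the message refers to
# is not reproduced on the page.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

# Assumed signatures: path substrings of well-known worm probes.
SIGNATURES = {"default.ida": "CodeRed", "root.exe": "Nimda", "cmd.exe": "Nimda"}

# Common Log Format: source, two ident fields, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+)[^"]*" (\d{3})')

# Constructed sample log; sources are documentation addresses plus one bogon.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Oct/2002:10:00:00 +0000] "GET /default.ida?NNNN HTTP/1.0" 404 0
192.0.2.10 - - [01/Oct/2002:10:00:02 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 0
198.51.100.7 - - [01/Oct/2002:10:01:00 +0000] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 404 0
10.1.2.3 - - [01/Oct/2002:10:02:00 +0000] "GET /default.ida?NNNN HTTP/1.0" 404 0
203.0.113.5 - - [01/Oct/2002:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 512
""".splitlines()

def is_bogon(ip):
    return any(ip in net for net in BOGONS)

def catalog(lines):
    """Tally (source, label) for attack GETs; collect rejected bogon sources."""
    hits, rejected = Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a GET, or not a parsable log line
        path = m.group(2).lower()
        label = next((v for k, v in SIGNATURES.items() if k in path), None)
        if label is None:
            continue  # ordinary request
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # a hostname was logged instead of an address
        if is_bogon(ip):
            rejected.append(str(ip))  # never a blackhole candidate
        else:
            hits[(str(ip), label)] += 1
    return hits, rejected
```

Because every counted entry comes from a logged GET, the TCP handshake with that source had already completed, which is the property the reply relies on when attributing requests to source addresses.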