Metasploit (and other security sites) are being hit by a DDoS attack. Some interesting thoughts:
- Use DNS to mitigate the attack: if the bots follow DNS, you can simply point them to 127.0.0.1; if not, you can move the servers to another IP range and point DNS there. Of course this might not be as “simple” as I put it, but it is a solution.
- Have multiple points of communication. You can use DNS to “blackhole” www.metasploit.com, but still keep blog.metasploit.com up.
- What are the implications of deflecting the attack to another address via DNS? What if you knew the IP of the C&C server for the particular botnet and set the DNS record to that address?
From Bruce Schneier: how people can be manipulated by information, even when they are explicitly advised to disregard it. Nothing new, but still scary.
From the PacketLife blog: IPv6 does away with ARP, but is still vulnerable to ARP-spoofing style attacks.
Surrogate scripts in NoScript – a very cool solution to the problem that some sites stop working if Google Analytics is disabled (because they use it to track certain actions, like clicking on download links).
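
The breakage and the fix described above, as an added sketch that is not NoScript's own surrogate code: a constructed page handler calls the legacy ga.js tracker before starting a download, and a surrogate supplies no-op stand-ins for the blocked script's globals. The names `clickDownload` and `installSurrogate` and the account id are assumptions made for illustration.

```javascript
// Constructed page script (not from any real site): it reports a download
// click through the legacy ga.js API and only then starts the download.
function clickDownload(win, href) {
  const started = [];
  try {
    const tracker = win._gat._getTracker('UA-0000000-0'); // placeholder id
    tracker._trackPageview('/downloads/' + href);
    started.push(href); // reached only if the tracking calls did not throw
  } catch (err) {
    // In a browser the uncaught exception would abort the click handler;
    // it is caught here only so the outcome can be returned.
    return { started, error: err.name };
  }
  return { started, error: null };
}

// Hypothetical surrogate: defines the globals the blocked script would have
// created, with every method a no-op, so page code keeps running while
// nothing is sent to the analytics host.
function installSurrogate(win) {
  const noop = function () {};
  const tracker = new Proxy({}, { get: () => noop }); // any method call is a no-op
  win._gat = { _getTracker: () => tracker };
  win._gaq = { push: noop };
  win.urchinTracker = noop;
  return win;
}

const blocked = clickDownload({}, 'tool.zip');                   // analytics script blocked
const patched = clickDownload(installSurrogate({}), 'tool.zip'); // surrogate in place
console.log(blocked, patched);
```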