503 - website unavailable due to ddos

Update 2003-09-17 00:00 UTC: flooding continues, periodically morphing

The website will be unavailable for at least a couple of days until
everything has been reconfigured to reliably resist such future attacks.
For dnsbl-lookups please use http://moensted.dk/spam/ instead.

Overview:

The requested server has been unavailable since 2003-09-16 04:00 UTC due to
a constant dos-flood probably initiated by some disgruntled us-spamgang.
They already DoSed Dorkslayers and Osirusoft off the net some weeks ago,
and have been trying the same with Sorbs, UPL, Spews and others for months.
Such attacks are difficult to track down and are only possible because of
those ISPs and upstreams that still fail to implement some simple
egress-filters at their routers against spoofed (forged) ip-packets.
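
The egress-filter rule mentioned above, sketched as an added example (not part of the original notice): a border router forwards an outbound packet only if its source address belongs to a prefix assigned to that network. The prefixes, addresses and function names are constructed for illustration.

```python
import ipaddress

# Assumption: prefixes assigned to the customers behind this border router
# (RFC 5737 documentation ranges, constructed for this example).
CUSTOMER_PREFIXES = [ipaddress.ip_network(p)
                     for p in ("192.0.2.0/24", "198.51.100.0/25")]

def egress_decision(src, prefixes=CUSTOMER_PREFIXES):
    """Return 'forward' if the outbound source address is ours, else 'drop'."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"  # malformed source never leaves the network
    return "forward" if any(addr in net for net in prefixes) else "drop"

def filter_outbound(packets, prefixes=CUSTOMER_PREFIXES):
    """Split outbound (src, dst) pairs into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for src, dst in packets:
        if egress_decision(src, prefixes) == "forward":
            forwarded.append((src, dst))
        else:
            dropped.append((src, dst))
    return forwarded, dropped

# Constructed sample of packets arriving on the customer-facing interface.
SAMPLE = [
    ("192.0.2.17", "203.0.113.80"),      # legitimate customer traffic
    ("10.1.2.3", "203.0.113.80"),        # private source, forged or misconfigured
    ("203.0.113.200", "203.0.113.80"),   # forged source outside our prefixes
    ("198.51.100.200", "203.0.113.80"),  # outside the /25 actually assigned
    ("198.51.100.9", "203.0.113.80"),    # forged inside our own prefix: passes,
                                         # but still points back at this network
]

if __name__ == "__main__":
    fwd, drp = filter_outbound(SAMPLE)
    print("forwarded:", fwd)
    print("dropped:  ", drp)
```

With the filter in place, forged sources are limited to the network's own prefixes, so a flood can be traced to the network it came from.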

Help Requested:

Unless the attacker is traced down and terminated, the only way to
protect against the dos is at least 6 additional trusted proxy servers
on different networks, shielding the actual location of the target.
The attacker would require a multiple of his current bandwidth to attack
all proxies simultaneously (which significantly increases the chance of
tracking down the source) and will probably stop wasting his bandwidth.
The bandwidth required by each proxy may be below 1gb/month (negotiable),
the server may be run on any dsl/cable with at least 512kbps upstream to
provide some speed for the visitors, there will be no more than a few
requests per minute and the effective utilization will be minimal.
A dedicated ip is recommended to allow blocking of incoming packets at the
border-routers if necessary (worst case, probably won't happen).
Dynamically allocated dhcp lines will be monitored and tracked via dyndns.
Optionally each proxy may display a small (textual) banner to the proxied
visitor, ideally something about their company, services and products.
The recommended software is Pound, which is very efficient and provides
filtering, balancing and failover, but any Apache with mod_proxy, Squid
or similar may be used as well. ISPs and companies which already have an
http-proxy may use their existing software with minimal adjustments.
CERTs and other organizations interested in network security may be
interested in operating such a proxy as a 'honeypot' with ~250mb/month.

Please contact <webmaster(at)openrbl.org> with some details if you are
able to help out. Guestbook available for questions and comments.

Recovery Progress: