Bots’ brazen User-Agent headers
Friday, September 28th, 2007The esteemed security group CastleCops was under a distributed denial-of-service attack back at the beginning of September. The DDoS apparently consisted of both a TCP SYN flood and an HTTP request flood. They posted some great data to help the community identify suspected zombie computers used to carry out the attack: an http log of suspicious web access from their site, and a list of IPs with whois data of possible bot infected hosts.
