[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] DoS attack???

Subject: Re: [cobalt-users] DoS attack???
From: Bruce Timberlake <bruce@xxxxxxxxxx>
Date: Sat Jan 11 21:26:02 2003
Organization: BRTNet.org
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I'm getting a lot of the below, looks like someone is going through
> all the domains and IPs on my cobalt (via www) --is this normal or
> someone is scanning my ports or DoS attack my web server?
>
> I have place the IP in /etc/hosts.deny --ALL: 216.127.82.97 but
> stills see more connections when I'm doing netstat...any
> clues/ideas?

What does your apache log show? (tail -f /var/log/httpd/access)

Could be an overzealous spider... although 'host 216.127.82.97' comes 
back with

	Host 97.82.127.216.in-addr.arpa not found: 3(NXDOMAIN)

If you've got ipchains on your box, you could just ban 'em from 
everything by doing

/sbin/ipchains -A input -i eth0 -s 216.127.85.97	-l -j DENY

(and add it to your startup file so you zap 'em everytime you reboot 
too!)

- -- 
Bruce Timberlake

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+IPwhvLA2hUZ9kgwRAldhAJ9rJS97BbkikU2j6/4vZk1NRn6SHQCeI7Xh
hanIE9sqeeBl79YZyRLDjOo=
=9/yb
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: [cobalt-users] DoS attack???
  - From: Mike's List
- Re: [cobalt-users] DoS attack???
  - From: E.B. Dreger

References:
- [cobalt-users] DoS attack???
  - From: Mike's List

Prev by Date: RE: [cobalt-users] DoS attack???
Next by Date: [cobalt-users] Better Control Panel
Previous by thread: RE: [cobalt-users] DoS attack???
Next by thread: Re: [cobalt-users] DoS attack???

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index