[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] DoS attack???
- Subject: Re: [cobalt-users] DoS attack???
- From: "Mike's List" <mikelist@xxxxxxx>
- Date: Sat Jan 11 21:44:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
I don't have IP chains (yet).
- Mike
On Sat, 11 Jan 2003, Bruce Timberlake wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > I'm getting a lot of the below, looks like someone is going through
> > all the domains and IPs on my cobalt (via www) --is this normal or
> > someone is scanning my ports or DoS attack my web server?
> >
> > I have place the IP in /etc/hosts.deny --ALL: 216.127.82.97 but
> > stills see more connections when I'm doing netstat...any
> > clues/ideas?
>
> What does your apache log show? (tail -f /var/log/httpd/access)
>
> Could be an overzealous spider... although 'host 216.127.82.97' comes
> back with
>
> Host 97.82.127.216.in-addr.arpa not found: 3(NXDOMAIN)
>
> If you've got ipchains on your box, you could just ban 'em from
> everything by doing
>
> /sbin/ipchains -A input -i eth0 -s 216.127.85.97 -l -j DENY
>
> (and add it to your startup file so you zap 'em everytime you reboot
> too!)
>
> - --
> Bruce Timberlake
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE+IPwhvLA2hUZ9kgwRAldhAJ9rJS97BbkikU2j6/4vZk1NRn6SHQCeI7Xh
> hanIE9sqeeBl79YZyRLDjOo=
> =9/yb
> -----END PGP SIGNATURE-----
>
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>