Re: DOS From "inktomi.com"? - CONCLUSION

["Vonelm, William J" <billve () BNL GOV>]

  Looks like this was "mostly harmless".  While the crawler involved was
particularly aggressive it seems that the web admin involved ah... *forgot*
to install a "robots.txt" file to limit it's curiosity.  Everything now
appears to have returned to normal although we will be keeping an eye on the
Exodus subnet (216.35.0.0) from which the crawler originated as we've had
"issues" with Exodus in the past.

 Many thanks to all those who responded!
--
Bill Von Elm:  Computer Analyst- Cyber Security Operations
e-mail: billve () bnl gov || Phone:(631)344-4131 || Fax:(631)344-3211
Brookhaven National Laboratory - United States Department of Energy

"Facts do not cease to exist because they are ignored."
                                               - Aldous Huxley



> -----Original Message-----
> From: Tim O'Connor [mailto:tco () ENTERACT COM]
> Sent: Tuesday, August 22, 2000 5:33 PM
> To: INCIDENTS () SECURITYFOCUS COM
> Subject: Re: DOS From "inktomi.com"?
>
>
> Bill,
>
> Inktomi is a provider of content for search engines.  It's probably a
> crawler that is having problems navigating your site.  DOS is highly
> unlikely.
>
> -TO-
>
> On Tue, 22 Aug 2000, Vonelm, William J wrote:
>
> > Hello all,
> >   We've just had one of our web servers pummeled into the
> ground by repeated
> > cgi requests from what appears to be a web-crawler from
> "inktomi.com".  Has
> > anybody else experienced this?  Is it some kind of
> malicious web Denial of
> > Service attack or just a poorly constructed web crawler?
> >
> > Thanks!
> > --
> > Bill Von Elm:  Computer Analyst- Cyber Security Operations
> > e-mail: billve () bnl gov
> > Brookhaven National Laboratory - United States Department of Energy
> >
> > "Facts do not cease to exist because they are ignored."
> >                                                - Aldous Huxley