Security Incidents mailing list archives
Re: fswserv.html ????
From: Adam Bultman <adamb () glaven org>
Date: Tue, 17 Dec 2002 13:25:05 -0500 (EST)
I haven't seen anything like this before but have you thought about contacting the Tech for that CIDR or 'abuse () rr com'. Other than that try killing the connections with a firewall rule or Apache ACL, or create a empty page so the client can request it and see if it will go away after a successfull get request. Whois details below.
I suggest not letting the servers get the page they are requesting - I've done things like that before, and when I 'allowed' the pages to be accessed, requests skyrocketed. When I blocked the requests altogether, they still persisted, but abated over time. Note: I still get requests, but they no longer take any bandwidth. Adam ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- fswserv.html ???? James-lists (Dec 16)
- Re: fswserv.html ???? dev (Dec 17)
- Re: fswserv.html ???? Adam Bultman (Dec 17)
- Re: fswserv.html ???? james (Dec 17)
- Re: fswserv.html ???? Adam Bultman (Dec 17)
- Re: fswserv.html ???? james (Dec 17)
- Re: fswserv.html ???? dev (Dec 17)