nanog mailing list archives
Dos attack?
From: Eric Frazier <eric () dmcontact com>
Date: Mon, 20 Oct 2003 19:11:42 -0400
Hi, We are getting a LOT of web requests containing what mostly looks like giberish. [Mon Oct 20 21:13:42 2003] [error] [client 172.133.3.204] request failed: erroneous characters after protocol string: \xb8\xcf\xc235\x9f\xc4\x1c\xebj\xd7\xc5\x8e\xe9d>\xfdMe\xed\x16\xca\xd51\xcfReF\x82\xa3qi\x89\x832<\vJ5k\x15\xa2\x0c\x90\xed\x8bCT\xa3\xa2\x96\xd7\xe8\xa2`S#+W\xfc\xc2\xc2w*\xce\x1a<\xb9\xc3\x91\x14\xb0\x9e\xfe\x14\"7\xaa\xeaR\xd1\x9c\x13\x1a\xf0\x1aN\x8eklP\xdc\xc1\xe3\xb9w\xb0\x1aGt\x04|I4\xae\x06WC\x15NA\x80\xb1\xc5E~\xd59\x85+\xcc\x9e\xb8\xaf(\r\x1f\x97 But this is not the standard Microsoft worm stuff that I can tell. It is coming from numerous IP addresses and nearly took down a few of our servers until we started blocking them with the firewall. So I am trying to find out as much as I can about what is happening, but I don't really know where to start. I don't believe it is considered approperiate to send a list of IPs to this list. So where should I start? The list so far contains about 60 addresses. Thanks, Eric
Current thread:
- Re[2]: data request on Sitefinder, (continued)
- Re[2]: data request on Sitefinder Richard Welty (Oct 20)
- Re: data request on Sitefinder Steven M. Bellovin (Oct 20)
- Re: data request on Sitefinder Dave Israel (Oct 20)
- Re[2]: data request on Sitefinder Richard Welty (Oct 20)
- Re[2]: data request on Sitefinder Howard C. Berkowitz (Oct 20)
- Re[3]: data request on Sitefinder Richard Welty (Oct 20)
- Re[3]: data request on Sitefinder Howard C. Berkowitz (Oct 20)
- Re[4]: data request on Sitefinder Richard Welty (Oct 20)
- Re: Re[2]: data request on Sitefinder todd glassey (Oct 20)
- Re[4]: data request on Sitefinder Richard Welty (Oct 20)
- Dos attack? Eric Frazier (Oct 20)
- Re: data request on Sitefinder Jack Bates (Oct 20)
- Re: data request on Sitefinder Howard C. Berkowitz (Oct 21)
- Re: data request on Sitefinder Owen DeLong (Oct 21)
- Re: data request on Sitefinder Jack Bates (Oct 21)
- Re: data request on Sitefinder Owen DeLong (Oct 21)
- Re: data request on Sitefinder Howard C. Berkowitz (Oct 21)
- Re: data request on Sitefinder Howard C. Berkowitz (Oct 20)
- Re: data request on Sitefinder Bruce Campbell (Oct 21)