Dos attack?

• Previous message (by thread): data request on Sitefinder
• Next message (by thread): Dos attack?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

We are getting a LOT of web requests containing what mostly looks like
giberish.

[Mon Oct 20 21:13:42 2003] [error] [client 172.133.3.204] request
failed: erroneous characters after protocol string:
\xb8\xcf\xc235\x9f\xc4\x1c\xebj\xd7\xc5\x8e\xe9d>\xfdMe\xed\x16\xca\xd51\xcfReF\x82\xa3qi\x89\x832<\vJ5k\x15\xa2\x0c\x90\xed\x8bCT\xa3\xa2\x96\xd7\xe8\xa2`S#+W\xfc\xc2\xc2w*\xce\x1a<\xb9\xc3\x91\x14\xb0\x9e\xfe\x14\"7\xaa\xeaR\xd1\x9c\x13\x1a\xf0\x1aN\x8eklP\xdc\xc1\xe3\xb9w\xb0\x1aGt\x04|I4\xae\x06WC\x15NA\x80\xb1\xc5E~\xd59\x85+\xcc\x9e\xb8\xaf(\r\x1f\x97

But this is not the standard Microsoft worm stuff that I can tell. It is
coming from numerous IP addresses and nearly took down a few of our
servers until we started blocking them with the firewall. So I am trying
to find out as much as I can about what is happening, but I don't really
know where to start. I don't believe it is considered approperiate to
send a list of IPs to this list. So where should I start? The list so
far contains about 60 addresses.


Thanks,

Eric

• Previous message (by thread): data request on Sitefinder
• Next message (by thread): Dos attack?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]