Dos attack?

• Previous message (by thread): Dos attack?
• Next message (by thread): data request on Sitefinder
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanks Guy I have sent them more detailed info.

Eric 

guy wrote:
> 
> Eric,
>         You should start with your upstream's security dept. They may have
> seen either this incident, a related one, or both. And they more than
> likely have resources at other transit providers' security depts. You pay
> for their service, you may as well use it, right?
> 
> Guy
> 
> ------------------------------------------------------------------------
> Hi,
> 
> We are getting a LOT of web requests containing what mostly looks like
> giberish.
> 
> [Mon Oct 20 21:13:42 2003] [error] [client 172.133.3.204] request
> failed: erroneous characters after protocol string:
> \xb8\xcf\xc235\x9f\xc4\x1c\xebj\xd7\xc5\x8e\xe9d>\xfdMe\xed\x16\xca\xd51\xcfReF\x82\xa3qi\x89\x832<\vJ5k\x15\xa2\x0c\
> x90\xed\x8bCT\xa3\xa2\x96\xd7\xe8\xa2`S#+W\xfc\xc2\xc2w*\xce\x1a<\xb9\xc3\x91\x14\xb0\x9e\xfe\x14\"7\xaa\xeaR\xd1\x9c
> \x13\x1a\xf0\x1aN\x8eklP\xdc\xc1\xe3\xb9w\xb0\x1aGt\x04|I4\xae\x06WC\x15NA\x80\xb1\xc5E~\xd59\x85+\xcc\x9e\xb8\xaf(\r
> \x1f\x97
> 
> But this is not the standard Microsoft worm stuff that I can tell. It is
> coming from numerous IP addresses and nearly took down a few of our
> servers until we started blocking them with the firewall. So I am trying
> to find out as much as I can about what is happening, but I don't really
> know where to start. I don't believe it is considered approperiate to
> send a list of IPs to this list. So where should I start? The list so
> far contains about 60 addresses.
> 
> Thanks,
> 
> Eric

• Previous message (by thread): Dos attack?
• Next message (by thread): data request on Sitefinder
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]