Re: fswserv.html ????
From: Adam Bultman (adamb@glaven.org)
Date: 12/17/02
- Previous message: Scott Fendley: "Re: Worm on 445/tcp?"
- In reply to: dev: "Re: fswserv.html ????"
- Next in thread: james: "Re: fswserv.html ????"
- Reply: james: "Re: fswserv.html ????"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 17 Dec 2002 13:25:05 -0500 (EST) From: Adam Bultman <adamb@glaven.org> To: dev <dspezialie-NOSPAM@optusnet.com.au>
>
> I haven't seen anything like this before but have you thought about
> contacting the Tech for that CIDR or 'abuse@rr.com'. Other than that
> try killing the connections with a firewall rule or Apache ACL, or
> create a empty page so the client can request it and see if it will go
> away after a successfull get request. Whois details below.
I suggest not letting the servers get the page they are requesting - I've
done things like that before, and when I 'allowed' the pages to be
accessed, requests skyrocketed. When I blocked the requests altogether,
they still persisted, but abated over time.
Note: I still get requests, but they no longer take any bandwidth.
Adam
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Next message: james: "Re: fswserv.html ????"
- Previous message: Scott Fendley: "Re: Worm on 445/tcp?"
- In reply to: dev: "Re: fswserv.html ????"
- Next in thread: james: "Re: fswserv.html ????"
- Reply: james: "Re: fswserv.html ????"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
