floods through our proxy
From: Jon Zobrist (jzobrist_at_contentwatch.com)
Date: 07/29/03
- Previous message: Jason Falciola: "Re: Anyone know this tool?"
- Next in thread: mms: "Re: floods through our proxy"
- Reply: mms: "Re: floods through our proxy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: incidents <incidents@securityfocus.com> Date: 29 Jul 2003 14:47:45 -0600
We have an old software proxy that clients surfed through.
It's discontinued and normally we have 50 clients or less still trying
to use it. In the last hour it's climbed to over 3000 so I did some
investigating.
It seems the same clients over and over are making massive amounts of
http queries. Since we don't proxy, we just forward to a page that says
product discontinued, and since that page is on a thttpd server, it
hasn't affected us.
However, it seems to be a DoS...I've got 8 IPs that were sending a
combined 40 requests/second listed in my firewall now.
Anyone else noticing any bursts in http traffic or known attacks?
-- Jon Zobrist CISSP <jzobrist@contentwatch.com>
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: Jason Falciola: "Re: Anyone know this tool?"
- Next in thread: mms: "Re: floods through our proxy"
- Reply: mms: "Re: floods through our proxy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
