[aclug-L] Re: Denied connections
On Mon, 27 Aug 2001, gLaNDix wrote:
> On Sun, 26 Aug 2001, John Alexander wrote:
>
> > (read aggressive) policy towards NT/2000 server maintenance). Not a single
> > one (and there are a few) Linux boxes were affected.
>
> not 100% true as one may think... my FreeBSD box goes in and out of
> service because of all the traffic i'm getting... Sure, the exploit
> doesn't apply to *bsd/*nix but the resulting traffic *can* affect it
> (of course if you've got some dang fast connection and a better box
> than my 486, you probably don't notice it! : ^ )
>
> now for my question... is there any better way to prevent the above
> DoS from happening on my system than firewalling off ALL connections
> from infected hosts (taken from my httpd-access.log file) and
> reporting them to their respective ISP? That's what I've done so far,
> and I haven't really noticed much of a slow-down... i'm getting
> NAILED by RR and shawcable customers (shawcable wants me to report
> EACH IP SEPARATELY to them w/ the corresponding log entry... i've got
> over 300 hosts blocked! ARG!)
>
> any suggestions are MORE than welcome!!!
Really anything less than a few of these a second shouldn't be causing a
noticeable slowdown even on a 486. One thing you can do though is install
a /default.ida file on your machine. The Code Red request is a GET
request so just putting a small text file there will prevent the 404
errors. My guess is that sending a 10 byte text file out may be less
resource intensive than a really long BS URL that returns an error. It
will also clean up your logs.
Chris
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chris Owen ~ Hubris Communications ~ Lottery (noun):
PO Box 1969 ~ 120 S Market Suite 101 ~ A stupidity tax
Garden City, KS 67846 ~ Wichita, KS 67202 ~
Voice: (620) 275-1900 ~ Voice: (316) 858-3000 ~
Fax: (620) 275-0313 ~ Fax: (316) 858-3001 ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
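
Added example, not part of the original message or thread: a Python sketch that pulls the GET /default.ida requests out of a web server access log and builds one report per source address with its own log entries, the per-IP format the quoted message says the ISP asked for. It assumes Apache common/combined log format; the function names and the sample lines (documentation addresses, shortened query string) are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed format: Apache common/combined log
#   host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def find_default_ida_hits(lines):
    """Group log entries that request /default.ida by source host.

    Matching is on method and path, not on status, so it still works
    once a placeholder /default.ida file turns the 404s into 200s.
    """
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not well-formed log entries
        path = m.group("target").split("?", 1)[0]
        if m.group("method") == "GET" and path.lower() == "/default.ida":
            hits[m.group("host")].append(line.rstrip("\n"))
    return dict(hits)

def build_reports(hits):
    """Return {host: report text}, one report per source address."""
    reports = {}
    for host in sorted(hits):
        entries = hits[host]
        body = [f"Source address: {host}",
                f"Requests logged: {len(entries)}",
                "Log entries:"]
        body += [f"  {entry}" for entry in entries]
        reports[host] = "\n".join(body)
    return reports

# Constructed sample log lines (not taken from any real log).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Aug/2001:10:01:02 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276',
    '198.51.100.7 - - [27/Aug/2001:10:01:05 -0500] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [27/Aug/2001:10:04:40 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276',
    '203.0.113.99 - - [27/Aug/2001:10:05:11 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 200 10',
    'garbage line that is not a log entry',
]

if __name__ == "__main__":
    for text in build_reports(find_default_ida_hits(SAMPLE_LOG)).values():
        print(text, end="\n\n")
```

The keys of the returned dictionary are also the address list to feed to whatever firewall rules are in use.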