Complete.Org: Mailing Lists: Archives: discussion: August 2001:
[aclug-L] Re: Denied connections

To: <discussion@xxxxxxxxx>
Subject: [aclug-L] Re: Denied connections
From: gLaNDix <glandix@xxxxxxxxxxxxxx>
Date: Mon, 27 Aug 2001 20:41:05 -0500 (CDT)
Reply-to: discussion@xxxxxxxxx

Is there a way to figure out what may be causing such a network slowdown?


On Mon, 27 Aug 2001, Chris Owen wrote:

>
> On Mon, 27 Aug 2001, gLaNDix wrote:
>
> > On Sun, 26 Aug 2001, John Alexander wrote:
> >
> > > (read aggressive) policy towards NT/2000 server maintenance). Not a single
> > > one (and there are a few) Linux boxes were affected.
> >
> > not 100% true as one may think...  my FreeBSD box goes in and out of
> > service because of all the traffic i'm getting...  Sure, the exploit
> > doesn't apply to *bsd/*nix but the resulting traffic *can* affect it
> > (of course if you've got some dang fast connection and a better box
> > than my 486, you probably don't notice it! : ^ )
> >
> > now for my question...  is there any better way to prevent the above
> > DoS from happening on my system than firewalling off ALL connections
> > from infected hosts (taken from my httpd-access.log file) and
> > reporting them to their respective ISP?  That's what I've done so far,
> > and I haven't really noticed much of a slow-down...  i'm getting
> > NAILED by RR and shawcable customers (shawcable wants me to report
> > EACH IP SEPARATELY to them w/ the corresponding log entry...  i've got
> > over 300 hosts blocked!  ARG!)
> >
> > any suggestions are MORE than welcome!!!
>
> Really anything less than a few of these a second shouldn't be causing a
> noticeable slowdown even on a 486.  One thing you can do though is install
> a /default.ida file on your machine.  The Code Red request is a GET
> request so just putting a small text file there will prevent the 404
> errors.  My guess is that sending a 10 byte text file out may be less
> resource intensive than a really long BS URL that returns an error.  It
> will also clean up your logs.
>
> Chris
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Chris Owen             ~  Hubris Communications  ~  Lottery (noun):
> PO Box 1969            ~  120 S Market Suite 101 ~     A stupidity tax
> Garden City, KS 67846  ~  Wichita, KS 67202      ~
> Voice: (620) 275-1900  ~  Voice: (316) 858-3000  ~
> Fax:   (620) 275-0313  ~  Fax:   (316) 858-3001  ~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> -- This is the discussion@xxxxxxxxx list.  To unsubscribe,
> visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
>

-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
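
Added example, not written by anyone in this thread: one way to answer the question at the top is to measure the Code Red request rate in the web server log against the "few a second" threshold mentioned in the reply, and to build the per-IP list (with a matching log entry) that an ISP abuse desk asks for. It assumes Apache Common Log Format; the function names and the sample lines (documentation addresses, shortened padding) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Common Log Format; not from the poster's
# httpd-access.log. Query strings are shortened padding only.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Aug/2001:20:40:01 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
192.0.2.10 - - [27/Aug/2001:20:40:01 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [27/Aug/2001:20:40:01 -0500] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 276
203.0.113.5 - - [27/Aug/2001:20:40:02 -0500] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [27/Aug/2001:20:40:03 -0500] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 276
garbage line that is not a log entry
"""

# host ident user [timestamp] "METHOD url protocol" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def summarize(lines, path="/default.ida"):
    """Return (hits per source, first log entry per source, peak hits in one second)."""
    hits, first_entry, per_second = Counter(), {}, Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        host, stamp, method, url, _status = m.groups()
        # Compare only the path, ignoring the long query string.
        if method != "GET" or url.split("?", 1)[0].lower() != path:
            continue
        hits[host] += 1
        first_entry.setdefault(host, line.strip())
        per_second[stamp] += 1  # CLF timestamps have one-second resolution
    peak = max(per_second.values(), default=0)
    return hits, first_entry, peak

def abuse_report(lines):
    """One line per source: hit count plus the first matching log entry."""
    hits, first_entry, _ = summarize(lines)
    return [f"{h} ({n} hits): {first_entry[h]}" for h, n in hits.most_common()]

if __name__ == "__main__":
    _, _, peak = summarize(SAMPLE_LOG.splitlines())
    print(f"peak /default.ida requests in one second: {peak}")
    print("\n".join(abuse_report(SAMPLE_LOG.splitlines())))
```

If the peak stays at a few requests per second or lower, the worm traffic alone is unlikely to explain the slowdown, and the same host list can feed both the firewall rules and the ISP reports.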

