[lug] Intrusion Question
D. Stimits
stimits at comcast.net
Mon Sep 10 18:19:34 MDT 2007
dio2002 at indra.com wrote:
> Seems to be a hot topic lately.
>
> Someone's been trying to hit my apache with:
>
> 400 Bad Request
> /w00tw00t.at.ISC.SANS.DFind:): 4 Time(s)
>
>
I see a lot of these too on httpd logs. Addresses I see attempting this
are 211.255.215.62, 66.89.163.213, and 68.151.32.135. One of those is
Korea, not sure where the others are. I have almost all of China blocked
since the attacks from there are absolutely rampant, otherwise I'd
probably see even more. I see some of the SIGHUP stuff as well, but that
might have just been me since I was working on configuring the server
and doing graceful restarts. I don't see any modified RPM packages.
D. Stimits, stimits AT comcast DOT net
More information about the LUG
mailing list