Security Basics mailing list archives
BotNet Attack?
From: david.gendel () gmail com
Date: 9 Aug 2007 20:11:36 -0000
I have been seeing these levels/volumes of hits in our logs that are way to many to be human. Anyone else seeing this type of activity or have good advice on paths forward? I am brainstorming about: adaptive firewall rules (n connections in past y minutes blocks for z hours), mod_security in apache for finer grained rules, and...... ? hits/hr url being hit source ip 698 http://xxx.domain.zzz/featured.shtml 76.80.7.194 351 http://xxx.domain.zzz/featured.shtml 12.111.74.5 509 http://xxx.domain.zzz/featured.shtml 76.108.77.94 508 http://xxx.domain.zzz/featured.shtml 74.130.65.89 690 http://xxx.domain.zzz/featured.shtml 71.188.41.132 691 http://xxx.domain.zzz/featured.shtml 67.68.208.38 682 http://xxx.domain.zzz/featured.shtml 71.191.146.233 690 http://xxx.domain.zzz/featured.shtml 209.242.151.18 513 http://xxx.domain.zzz/featured.shtml 167.88.178.70 477 http://xxx.domain.zzz/featured.shtml 162.135.0.6
Current thread:
- BotNet Attack? david . gendel (Aug 10)