Re: DOS From "inktomi.com"?

["PARKIN, MICHAEL M (PBI)" <mparkin () PBI NET>]

I've seen repeated connections from inktomi's web crawler bots, but never at
a level that affected performance.  As I remember, the inktomi bots do
respect the robots.txt protocol and will go away if your system tells them
to.

What do your logs show?  It almost sounds like the web crawler was trying to
follow a link to once of your scripts and blowing chunks on some of the
parameters.  Do your logs show any evidence of someone spoofing inktomi's IP
space?  That would conceal a DoS attack.

Mike Parkin
Network Reliability Center
SBC Internet Services
415.442.5108



-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On
Behalf Of Vonelm, William J
Sent: Tuesday, August 22, 2000 2:08 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: DOS From "inktomi.com"?


Hello all,
  We've just had one of our web servers pummeled into the ground by repeated
cgi requests from what appears to be a web-crawler from "inktomi.com".  Has
anybody else experienced this?  Is it some kind of malicious web Denial of
Service attack or just a poorly constructed web crawler?

Thanks!
--
Bill Von Elm:  Computer Analyst- Cyber Security Operations
e-mail: billve () bnl gov
Brookhaven National Laboratory - United States Department of Energy

"Facts do not cease to exist because they are ignored."
                                               - Aldous Huxley