[thechat] Server Attacks
Andrew Forsberg
andrew at thepander.co.nz
Tue Oct 30 00:36:28 CST 2001
Hi All
I was hoping one of the server-engineer types out there could help me
out. This isn't strictly web-dev related, more slightly amusing /
annoying, so I thought the chat might be a better forum.
I have a testing box setup locally -- it's only accessible externally
via a dynamic IP, which is fine for what I'm using it for. The thing
is, I've had over 80 unique IPs (all from a certain Korean
university: they will remain nameless:) attempt the exact same IIS
attack on it within an 8 hour working day.
For one, the box is serving up 401s to absolutely everything -- so
what's the point?; two, the addresses are not advertised -- is this
likely to be an IIS worm scanning IP ranges?; and three, it's a linux
box for god's sake -- why keep banging on with IIS hacks? This last
point, if not the previous ones, indicates that it must be a server
worm or some brain-dead student who's sure he / she is onto something.
Anyhow, uselessness of the attack aside: I've never seen anything
like it in the logs of sites hosted by my ISP. Is their some fancy
way to filter out this sort of thing? It really is simply annoying
and bandwidth/processor-cycle wasting, not a danger at all. Still,
I'm intrigued.
Any ideas?
Andrew
--
Andrew Forsberg
---
uberNET - http://uber.net.nz/
the pander - http://thepander.co.nz/
More information about the thechat
mailing list