dos attacks...
-
-
It definitely looks like a DOS attack - though it could also be some script kiddie using a vulnerability scanner that's checking for any exploitable web-scripts on the server. Anyway can't she block the IP at the router? Nish
My blog on C++/CLI, MFC/Win32, .NET - void Nish(char* szBlog); My MVP tips, tricks and essays web site - www.voidnish.com
-
l a u r e n wrote: nonsense page urls Are the urls unusually long? It might be an attempt to exploit a buffer overrun vulnerability, rather than a DoS attack. Maybe a small script to send them all back to the source address is in order.:rolleyes: "If it's Snowbird season, why can't we shoot them?" - Overheard in a bar in Bullhead City
-
It definitely looks like a DOS attack - though it could also be some script kiddie using a vulnerability scanner that's checking for any exploitable web-scripts on the server. Anyway can't she block the IP at the router? Nish
My blog on C++/CLI, MFC/Win32, .NET - void Nish(char* szBlog); My MVP tips, tricks and essays web site - www.voidnish.com
Besides this, the attack is good for making the log file more difficult to read. I have curious vistors who access my site via robots. Some sections of the provided log file is limited to the top 20 entries which are filled by them. I guess this happens quite often and for now no one cares that much but in my opinion its a criminal action. Contacting the provider hosting the attacker is sometimes difficult. One of my guests is 203.222.167.98, which belongs to sprint.com. They simply don't care. Jürgen Eidt http://cpicture.de/en [^]
-
l a u r e n wrote: nonsense page urls Are the urls unusually long? It might be an attempt to exploit a buffer overrun vulnerability, rather than a DoS attack. Maybe a small script to send them all back to the source address is in order.:rolleyes: "If it's Snowbird season, why can't we shoot them?" - Overheard in a bar in Bullhead City
-
Simplicity reigns supreme.:-D "If it's Snowbird season, why can't we shoot them?" - Overheard in a bar in Bullhead City
-
Dos is normally not HTTP requests from a single IP. It's more like a scanner of some sort trying different well-known pages to see if there are some on the server which can be exploited... I see it in my logs all the time. Either blog the IP or just let it pass ;) - Anders Bill's Bar
My PhotosWDevs - The worlds first DSP, free blog space, email and more. Now also with forums :)
-
It could also be a plugin in a users browser. We had the same problem at client last year, and it turned out, that over 50% of the weird requests comes from a media plugin that tries to cache media files that, or may not exist, on the server. "After all it's just text at the end of the day. - Colin Davies "For example, when a VB programmer comes to my house, they may say 'does your pool need cleaning, sir ?' " - Christian Graus