DOS attempt? What is this?
Posted on October 5, 2008, 11:48 am
entries started appearing in my apache log:
ppp-88-217-13-109.dynamic.mnet-online.de - - [04/Oct/2008:13:50:32
+0200] "GET /stestu.html HTTP/1.1" 200 118012
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" "-"
(all on one line). This was repeated approx. every two and a half
minutes, each time with a different value of SIG and EXP. Just
before midnight last night, the remote address changed to
22.214.171.124 (ppp-88-217-9-101.dynamic.mnet-online.de); there was
no interruption in the two-and-a-half minute pattern. When I
discovered what was happening (about 12:00 CEST today) I blocked
the entire 126.96.36.199/16 range belonging to mnet-online.de by
making a shorewall rule.
Strangely, apache served the html page itself successfully (code
200), but the pictures belonging to the page were not requested
(although this normally does happen when a graphical browser like
MSIE 6.0 is used).
Is this some kind of DOS attempt? But why would someone try to
block my totally innocuous web page www.jw-stumpel.nl/stestu.html?
I also don't know what this rds.yahoo.com is supposed to do. I
normally don't use yahoo, but just tried to search for my own page
using it, and it didn't produce these log entries with rds.yahoo
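
The pattern described in the post (one page fetched at a fixed interval, no images requested, and the source address changing without breaking the rhythm) can be looked for in an access log. The following is an added example, not part of the original post; the host names, paths, sample log lines and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Apache common/combined log prefix: host, timestamp, request path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" \d{3} ')
ASSET = re.compile(r'\.(png|jpe?g|gif|css|js|ico)$', re.I)

def make_line(host, hms, path):
    """Build one constructed combined-format log line (sample data only)."""
    return (f'{host} - - [04/Oct/2008:{hms} +0200] "GET {path} HTTP/1.1" 200 1000 '
            '"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"')

# Constructed sample: a poller that switches address mid-run, plus one real browser.
SAMPLE = [make_line("host-a.example.net", t, "/page.html")
          for t in ("13:50:32", "13:53:02", "13:55:32")]
SAMPLE += [make_line("host-b.example.net", t, "/page.html")
           for t in ("13:58:02", "14:00:32")]
SAMPLE += [make_line("browser.example.org", "13:51:10", "/page.html"),
           make_line("browser.example.org", "13:51:11", "/img/photo.jpg")]

def find_pollers(lines, min_hits=4, max_jitter=5.0):
    """Return (path, mean interval in s, clients) for pages fetched on a fixed timer.

    Hits are grouped by page, not by client, so a change of source address
    does not hide the rhythm. Clients that also fetched assets are ignored.
    """
    hits = defaultdict(list)   # page path -> [(time, client)]
    fetched_assets = set()     # clients that requested images/CSS/JS
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        host, ts, path = m.groups()
        if ASSET.search(path.split("?")[0]):
            fetched_assets.add(host)
        else:
            hits[path].append((datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), host))
    findings = []
    for path, rows in hits.items():
        rows = sorted(r for r in rows if r[1] not in fetched_assets)
        if len(rows) < min_hits:
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        if pstdev(gaps) <= max_jitter:  # near-constant spacing suggests a script
            findings.append((path, round(mean(gaps)), sorted({h for _, h in rows})))
    return findings
```

Run against a real log with `find_pollers(open(path))`; `max_jitter` is the allowed standard deviation of the gaps in seconds and will need tuning for the site.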