On Fri, 15 Mar 2002 eaxat_private wrote: > For the last couple days, one of our client's virtual-hosts on one of our webservers has been DDOSed with > tons of HTTP requests composed of: > > GET / HTTP/1.1 > Host: example.com These are in fact valid request if I setup a link like: <a href="http://example.com/"> or even <a href="http://example.com"> Do you have any referrer information to disclose as well? An apache server with full referer logging would tell you this and it could lead you to the source. It may be a DDOS attack but it could as well be just a link that got typed wrong on a popular site. (Say with a link to warez software or over exposed pictures. ;-) There is no evidence this is a real attack with the information you provided yet. Hugo. -- All email send to me is bound to the rules described on my homepage. hvdkooijat_private http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Mar 18 2002 - 08:40:20 PST