We have an old software proxy that clients surfed through. It's discontinued and normally we have 50 clients or less still trying to use it. In the last hour it's climbed to over 3000 so I did some investigating. It seems the same clients over and over are making massive amounts of http queries. Since we don't proxy, we just forward to a page that says product discontinued, and since that page is on a thttpd server, it hasn't affected us. However, it seems to be a DoS...I've got 8 IPs that were sending a combined 40 requests/second listed in my firewall now. Anyone else noticing any bursts in http traffic or known attacks? -- Jon Zobrist CISSP <jzobristat_private>
This archive was generated by hypermail 2b30 : Wed Jul 30 2003 - 07:59:15 PDT