[PLUG] strange http requests

Elliott Mitchell ehem at m5p.com
Tue Nov 15 00:04:54 UTC 2005


>From: fh oregon <linux at frankhunt.com>
> If you give your logs a good look, you will most likely find references 
> to all kinds of "stuff" in there.  I run a check daily looking for 404 
> errors with an associated .exe or .cgi or .pl associated with them.  
> These are caused by someone up to no good.  I trap their IP address and 
> exclude them from my web site from then on with the Deny <IP> directive.

Problem is you're more likely to catch worms and zombies this way than
to do any real good. In the case of dialup systems you're going to have to
block large numbers of IP addresses, and you get a lot of uninvolved
parties.

Better is to provide an alert to the poor sap whose machine has been
turned into Swiss cheese. In this general category was the classic of
creating a 64KB file of zeros named "default.ida", because this crashed
the worm.


-- 
(\___(\___(\______          --=> 8-) EHM <=--          ______/)___/)___/)
 \BS (    |         EHeM at gremlin.m5p.com PGP 8881EF59         |    )   /
  \_CS\   |  _____  -O #include <stddisclaimer.h> O-   _____  |   /  _/
    \___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/
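
The daily log check described in the quoted message, as an added example (not code from either poster): it finds 404 responses for .exe, .cgi or .pl paths in Apache access-log lines and lists repeat sources, dropping stale entries because, as the reply notes, dialup addresses get reassigned. The log lines, addresses, thresholds and function names are constructed for illustration; `Deny from` is Apache's mod_access syntax.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Start of an Apache common/combined log line: client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
PROBE_EXT = re.compile(r'\.(?:exe|cgi|pl)$', re.IGNORECASE)

def probe_hits(lines):
    """Map client IP -> [(time, path)] for 404 responses to .exe/.cgi/.pl paths."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("status") != "404":
            continue
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if PROBE_EXT.search(path):
            ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
            hits[m.group("ip")].append((ts, path))
    return dict(hits)

def deny_candidates(hits, now, min_hits=2, max_age=timedelta(days=1)):
    """IPs with at least min_hits probes whose latest probe is within max_age.
    Stale entries drop out, so a reassigned dialup address is not blocked forever."""
    return sorted(ip for ip, seen in hits.items()
                  if len(seen) >= min_hits
                  and now - max(t for t, _ in seen) <= max_age)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Nov/2005:03:10:01 +0000] "GET /scripts/setup.exe HTTP/1.0" 404 289',
    '192.0.2.10 - - [14/Nov/2005:03:10:02 +0000] "GET /cgi-bin/test.cgi?x=1 HTTP/1.0" 404 291',
    '198.51.100.7 - - [14/Nov/2005:09:00:00 +0000] "GET /old/page.html HTTP/1.1" 404 270',
    '198.51.100.7 - - [14/Nov/2005:09:00:05 +0000] "GET /cgi-bin/search.cgi HTTP/1.1" 200 5120',
    '203.0.113.5 - - [02/Nov/2005:12:00:00 +0000] "GET /admin/form.pl HTTP/1.0" 404 280',
    '203.0.113.5 - - [02/Nov/2005:12:00:03 +0000] "GET /admin/mail.pl HTTP/1.0" 404 280',
    # .ida is not in the .exe/.cgi/.pl list, so this 404 is not counted.
    '192.0.2.44 - - [14/Nov/2005:22:15:40 +0000] "GET /default.ida?AAAA HTTP/1.0" 404 276',
]
NOW = datetime(2005, 11, 15, 0, 4, 54, tzinfo=timezone.utc)  # constructed "current" time

if __name__ == "__main__":
    for ip in deny_candidates(probe_hits(SAMPLE_LOG), NOW):
        print(f"Deny from {ip}")
```
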




