Home page logo
/

basics logo Security Basics mailing list archives

BotNet Attack?
From: david.gendel () gmail com
Date: 9 Aug 2007 20:11:36 -0000

I have been seeing these levels/volumes of hits in our logs that are way to many to be human. Anyone else seeing this 
type of activity or have good advice on paths forward? 

I am brainstorming about: adaptive firewall rules (n connections in past y minutes blocks for z hours), mod_security in 
apache for finer grained rules, and...... ?


hits/hr         url being hit                   source ip


698     http://xxx.domain.zzz/featured.shtml    76.80.7.194
351     http://xxx.domain.zzz/featured.shtml    12.111.74.5
509     http://xxx.domain.zzz/featured.shtml    76.108.77.94
508     http://xxx.domain.zzz/featured.shtml    74.130.65.89
690     http://xxx.domain.zzz/featured.shtml    71.188.41.132
691     http://xxx.domain.zzz/featured.shtml    67.68.208.38
682     http://xxx.domain.zzz/featured.shtml    71.191.146.233
690     http://xxx.domain.zzz/featured.shtml    209.242.151.18
513     http://xxx.domain.zzz/featured.shtml    167.88.178.70
477     http://xxx.domain.zzz/featured.shtml    162.135.0.6


  By Date           By Thread  

Current thread:
  • BotNet Attack? david . gendel (Aug 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]