Security Basics mailing list archives

BotNet Attack?
From: david.gendel () gmail com
Date: 9 Aug 2007 20:11:36 -0000

I have been seeing these levels/volumes of hits in our logs that are way too many to be human. Anyone else seeing this 
type of activity or have good advice on paths forward? 

I am brainstorming about: adaptive firewall rules (n connections in past y minutes blocks for z hours), mod_security in 
apache for finer grained rules, and...... ?

hits/hr         url being hit                   source ip

698     http://xxx.domain.zzz/featured.shtml
351     http://xxx.domain.zzz/featured.shtml
509     http://xxx.domain.zzz/featured.shtml
508     http://xxx.domain.zzz/featured.shtml
690     http://xxx.domain.zzz/featured.shtml
691     http://xxx.domain.zzz/featured.shtml
682     http://xxx.domain.zzz/featured.shtml
690     http://xxx.domain.zzz/featured.shtml
513     http://xxx.domain.zzz/featured.shtml
477     http://xxx.domain.zzz/featured.shtml
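
The adaptive rule floated in the message above (n connections in the past y minutes blocks for z hours), as an added example that is not part of the original post. The Apache common log format, the thresholds and the sample addresses are assumptions, and it replays log lines rather than driving a real firewall.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed input format: Apache common/combined access log lines.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+)')

class AdaptiveBlocker:
    """Block a source for `block_for` once it makes more than `n` requests within `window`."""
    def __init__(self, n, window, block_for):
        self.n, self.window, self.block_for = n, window, block_for
        self.hits = defaultdict(deque)   # ip -> request timestamps still inside the window
        self.blocked_until = {}          # ip -> expiry time of the current block

    def allow(self, ip, ts):
        until = self.blocked_until.get(ip)
        if until is not None:
            if ts < until:
                return False             # still blocked; dropped requests are not counted
            del self.blocked_until[ip]   # block expired, source starts with an empty window
        q = self.hits[ip]
        q.append(ts)
        while q and ts - q[0] >= self.window:
            q.popleft()                  # evict hits that fell out of the sliding window
        if len(q) > self.n:
            self.blocked_until[ip] = ts + self.block_for
            q.clear()
            return False
        return True

def replay(lines, blocker):
    """Feed access-log lines through the blocker; return {ip: [allowed, denied]}."""
    totals = defaultdict(lambda: [0, 0])
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                     # skip lines that are not in the assumed format
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        totals[m.group(1)][0 if blocker.allow(m.group(1), ts) else 1] += 1
    return dict(totals)

def sample_log():
    """Constructed input: 192.0.2.10 requests every 5 s (720/hr), 198.51.100.7 every 10 min."""
    start = datetime.strptime("09/Aug/2007:12:00:00 +0000", "%d/%b/%Y:%H:%M:%S %z")
    fmt = '{} - - [{}] "GET /featured.shtml HTTP/1.1" 200 512'
    rows = [(start + timedelta(seconds=5 * i), "192.0.2.10") for i in range(720)]
    rows += [(start + timedelta(minutes=10 * i), "198.51.100.7") for i in range(6)]
    return [fmt.format(ip, t.strftime("%d/%b/%Y:%H:%M:%S %z")) for t, ip in sorted(rows)]
```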
