From owner-freebsd-security Fri Jun 4 14: 8:56 1999
Delivered-To: freebsd-security@freebsd.org
Received: from dfw-ix10.ix.netcom.com (dfw-ix10.ix.netcom.com [206.214.98.10]) by hub.freebsd.org (Postfix) with ESMTP id 17EA815B14 for ; Fri, 4 Jun 1999 14:08:53 -0700 (PDT) (envelope-from scaturan@ix.netcom.com)
Received: (from smap@localhost) by dfw-ix10.ix.netcom.com (8.8.4/8.8.4) id QAA03798; Fri, 4 Jun 1999 16:07:57 -0500 (CDT)
Received: from nwf-nj28-13.ix.netcom.com(198.211.22.205) by dfw-ix10.ix.netcom.com via smap (V1.3) id rma003605; Fri Jun 4 16:06:17 1999
Message-ID: <3757F92A.1AA9FA9B@ix.netcom.com>
Date: Fri, 04 Jun 1999 17:04:58 +0100
From: steve caturan
Organization: http://www.websytes.org
X-Mailer: Mozilla 4.5 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Chris
Cc: "security@FreeBSD.ORG"
Subject: Re: Net abuse/DOS with Teleport Pro ?
References: <199906041843.EAA08014@mail.aussie.org>
Content-Type: text/plain; charset=gb2312
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

howdy,

i believe Teleport Pro is quite similar to BlackWidow (softbytelabs.com or softbytelab.com)..which is a "webspider". A "site leecher" basically...used by many scan-collectors to leech off pics, zip, mp3s and so on from various websites without having to necessarily use a browser.

steve caturan (chye-fhut)
scaturan@ix.netcom.com

Chris wrote:
>
> Upon processing my logs for the past few days, I noted an anomaly with regard
> to one particular directory. I checked out the logs manually.
>
> During two periods over two days, a person using an agent that identified
> itself as 'Teleport Pro/1.26' made over ---THIRTY THOUSAND--- hits on my web
> server (at a rate of roughly one per second), repeatedly asking for the same
> (or similar) rubbish URL, as such ...
>
> /Docs/?S=A?M=A?N=A?S=D?N=A?S=D?S=D
> /Docs/?S=A?M=A?N=A?S=D?N=A?S=D?S=A
> /Docs/?S=A?M=A?N=A?S=D?N=A?S=D?S=M
>
> and a number of variations of this. All came from the same IP address.
>
> I have not used this software and am unaware of its abilities, but I am
> amazed that any responsible firm would distribute software that could be so
> easily abused in this way. What it is doing seems, to me, to be either a user
> doing something silly, or a bug in teleport pro (more likely the latter).
>
> Anyone seen this ?
>
> -- Chris
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
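
The log pattern described in the quoted message (one address and user agent repeatedly requesting URLs that carry several chained `?` query strings, at about one request per second) can be picked out of an access log as shown here. This is an added example, not part of the original thread; it assumes Apache combined log format, and the sample lines, addresses and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|HEAD) (?P<url>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"')

def is_chained_query(url):
    """True when the URL contains more than one '?', as in /Docs/?S=A?M=A?N=A."""
    return url.count("?") > 1

def find_looping_clients(lines, min_hits=5, min_rate=0.5):
    """Return {(ip, agent): (hits, hits_per_second)} for clients that sent at
    least min_hits chained-query requests at min_rate per second or faster.
    Both thresholds are assumptions to tune against real traffic."""
    seen = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_chained_query(m["url"]):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            seen[(m["ip"], m["agent"])].append(ts)
    flagged = {}
    for key, stamps in seen.items():
        # A burst inside a single second counts as a one-second span.
        span = (max(stamps) - min(stamps)).total_seconds() or 1.0
        rate = len(stamps) / span
        if len(stamps) >= min_hits and rate >= min_rate:
            flagged[key] = (len(stamps), round(rate, 2))
    return flagged

# Constructed sample: six chained-query hits one second apart from one client,
# plus one ordinary single-query request from a browser at another address.
SAMPLE = [
    f'192.0.2.10 - - [02/Jun/1999:10:00:0{i} +1000] '
    f'"GET /Docs/?S=A?M=A?N=A?S=D?N=A?S=D?S={s} HTTP/1.0" 200 1024 "-" "Teleport Pro/1.26"'
    for i, s in enumerate("DAMDAM")
] + [
    '198.51.100.7 - - [02/Jun/1999:10:00:03 +1000] '
    '"GET /Docs/?S=A HTTP/1.0" 200 1024 "-" "Mozilla/4.5 [en] (WinNT; U)"',
]

if __name__ == "__main__":
    for (ip, agent), (hits, rate) in find_looping_clients(SAMPLE).items():
        print(f"{ip} {agent!r}: {hits} chained-query hits at {rate}/s")
```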