From owner-freebsd-security Fri Jun 4 11:43:22 1999 Delivered-To: freebsd-security@freebsd.org Received: from mail.aussie.org (hallam.lnk.telstra.net [139.130.54.166]) by hub.freebsd.org (Postfix) with ESMTP id 2BE0D14DC8 for ; Fri, 4 Jun 1999 11:43:17 -0700 (PDT) (envelope-from cconel@aussie.org) Received: from frankenputer (dialup-b1-29.aussie.org [203.29.75.73]) by mail.aussie.org (8.9.0/8.9.0) with SMTP id EAA08014 for ; Sat, 5 Jun 1999 04:43:15 +1000 (EST) Message-Id: <199906041843.EAA08014@mail.aussie.org> From: "Chris " To: "security@FreeBSD.ORG" Date: Sat, 05 Jun 1999 04:42:40 +1000 Reply-To: "Chris" X-Mailer: PMMail 98 Standard (2.01.1600) For Windows NT (4.0.1381;4) MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: Net abuse/DOS with Teleport Pro ? Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Upon processing my logs for the past few days, I noted an anamoly with regard to one particular directory. I checked out the logs manually. During two periods over two days, a person using a agent that identified itself as 'Teleport Pro/1.26' made over ---THIRTY THOUSAND--- hits on my web server (at a rate of roughly one per second), repeatedly asking for the same (or similar) rubbish URL, as such ... /Docs/?S=A?M=A?N=A?S=D?N=A?S=D?S=D /Docs/?S=A?M=A?N=A?S=D?N=A?S=D?S=A /Docs/?S=A?M=A?N=A?S=D?N=A?S=D?S=M and a number of variations of this. All came from the same IP address. I have not used this software and am unaware of its abilities, but I am amazed that any responsible firm would distribute software that could be so easily abused in this way. What it is doing seems, to me, to be either a user doing something silly, or a bug in teleport pro (more likely the latter). Anyone seen this ? -- Chris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message