Date: Sun, 4 Nov 2001 19:20:33 -0000 From: "Danny Horne" <danny@clifftop.net> To: "Ian Smith" <smithi@nimnet.asn.au> Cc: <freebsd-security@FreeBSD.ORG> Subject: RE: OT - Attack on Apache? Message-ID: <NFBBLHGNILAMKHLOOJGMGEKHCCAA.danny@clifftop.net> In-Reply-To: <Pine.BSF.3.96.1011104041644.21955A-100000@gaia.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Ian Smith > Sent: Saturday 03 November 2001 5:41pm > To: Danny Horne > Cc: freebsd-security@FreeBSD.ORG > Subject: Re: OT - Attack on Apache? > > 408 is a Request Timeout. 'The client did not produce a request within > the time that the server was prepared to wait. The client MAY repeat > the request without modifications at any later time.' > > Most likely just the source box so bogged down that it can't complete > its requests in time. I've only seen such groups of these from Windows > webserver IPs infected with Nimda, 'randomly' scanning our subnet with > HTTP requests. Only a bother, not a danger. > > Note that the first octet of the IP address is the same as yours. You > may see as many or more of these (Nimda requests in general), over time, > from IPs having the same first two octets as your own address. We did, > anyway. Walling it off from tcp 80 access, at least until it's fixed, > won't hurt :-) > Thanks Ian, I've put a blanket ban on this IP for a while To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NFBBLHGNILAMKHLOOJGMGEKHCCAA.danny>