From owner-freebsd-questions Sun Aug 5 9:43: 1 2001 Delivered-To: freebsd-questions@freebsd.org Received: from chmls20.mediaone.net (chmls20.mediaone.net [24.147.1.156]) by hub.freebsd.org (Postfix) with ESMTP id C6E9837B401; Sun, 5 Aug 2001 09:42:54 -0700 (PDT) (envelope-from leblanc@smtp.ne.mediaone.net) Received: from canada.acadia.ne.mediaone.net (acadia.ne.mediaone.net [65.96.185.189]) by chmls20.mediaone.net (8.11.1/8.11.1) with ESMTP id f75GgcB27478; Sun, 5 Aug 2001 12:42:38 -0400 (EDT) Received: (from leblanc@localhost) by canada.acadia.ne.mediaone.net (8.11.5/8.11.5) id f75GcgB32462; Sun, 5 Aug 2001 12:38:42 -0400 (EDT) (envelope-from leblanc) Date: Sun, 5 Aug 2001 12:38:42 -0400 From: Louis LeBlanc To: questions@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: Attempted Buffer Overrun in via httpd? Message-ID: <20010805123842.A32287@acadia.ne.mediaone.net> Reply-To: freebsd-questions@FreeBSD.ORG Mail-Followup-To: questions@FreeBSD.ORG, freebsd-questions@FreeBSD.org References: <119049501@toto.iv> <15213.29533.375904.18788@guru.mired.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <15213.29533.375904.18788@guru.mired.org> User-Agent: Mutt/1.3.20i X-bright-idea: Lets abolish HTML mail! Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 08/05/01 11:25 AM, Mike Meyer sat at the `puter and typed: > > > Since it picks IP addresses at random, any given IP address should see > the same number of hits. Depending on the nature of the RNG used, > some sites may be immune. Sites running on server farms with lots of > IP addresses will see the same number of hits per IP as those of us on > single sites, but the total will be proportionately greater. > > What scares me is the possibilitity of near-exponential growth of the > thing. I've put up a plot of hits/hour since it started - at about 9am > CDT - to now at . Discount the > last data point - it only includes about 15 minutes of hits. The large > jump around 9am 8/4 got me, but it seems to have peaked at 45/hour, > and fallen back to ~15/hour. I can understand the levelling out as the > population of suspect servers approaches saturation, but why is did it > drop off? Or is the spike just random noise? > More likely, it is the scramble of M$ system admins worldwide installing patches and correcting configurations to slow the worms progress. Meanwhile, most of the *nix admins get to have their weekend to themselves :) L -- Louis LeBlanc leblanc@acadia.ne.mediaone.net Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://acadia.ne.mediaone.net ԿԬ Truth is the most valuable thing we have -- so let us economize it. -- Mark Twain To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message