Date: Tue, 18 Sep 2001 17:31:15 -0400 From: Chris Faulhaber <jedgar@fxp.org> To: "Karsten W. Rohrbach" <karsten@rohrbach.de> Cc: Jim Arnold <jim@ohio.com>, freebsd-security@freebsd.org Subject: Re: Nimda-A Worm/Virus threatens networks Message-ID: <20010918173115.A53937@peitho.fxp.org> In-Reply-To: <20010918203128.B33432@mail.webmonster.de> References: <20010918195218.P27375@mail.webmonster.de> <a05100308b7cd4104a941@[206.128.102.10]> <20010918203128.B33432@mail.webmonster.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--6c2NcOVqGQ03X4Wi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Sep 18, 2001 at 08:31:28PM +0200, Karsten W. Rohrbach wrote: > Jim Arnold(jim@ohio.com)@2001.09.18 14:21:50 +0000: > > i am running an apache server on linux. how do i stop it from gobbling > > all my bandwidth? i'm being hit by dozens of different servers. >=20 > you might configure your 404 error handler to spit out a very small > file (for example containing just one space character '%20'). >=20 > mod_throttle or other bandwidth control tools will not help, since the > worm hits each server it scan with a list of several uris and that's > pretty it. >=20 > if the worm catches a 404 http error it will cease scanning this > particular system. bad, that it does not honor redirect requests ;-) >=20 I tend to disagree with the next-to-last sentence. I have logged over 6600 requests from 37 unique hosts in the class B on which my box is located, each request generating a 404. These requests are pretty much generating a constant stream of log entries. While the bandwidth doesn't seem to be an issue here, and apache's CPU usage is 0.00 (server is a Pentium 166), my logs are bulging. --=20 Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --6c2NcOVqGQ03X4Wi Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAjunvSIACgkQObaG4P6BelBOVwCfYkJ9pdVazbMl2ls5Kf8MQUSS /dsAn06qtOAvsPZmdUSdGVFpCvpwW/rz =cX/J -----END PGP SIGNATURE----- --6c2NcOVqGQ03X4Wi-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010918173115.A53937>