Hi Kai et all,
my investigations give following picture of the last few days. Some
funny guys inside larger IP ranges use the update service for heavy load
on our server, so I'll try to install an automatism to reject requests
after a high number of requests in a given timeframe. This will work in
a first step temporary. Hope it'll be a first solution to protect the
complete service of OOo-EIS and some other services.
Have a merry christmas :-)
Frank
Kai Backman wrote:
A reverse DNS on the IP would be my first step. Then you could look up
who owns that specific IP range. Sometimes large providers route a
bulk of their traffic through a small external IP range (AOL comes to
mind) and you could be seing a lot of individual users. That said
100qps sounds like a bug or DoS issue. I'm assuming the software
reported it's current version, what version did the client report?
Dumping the packet contents might also be a good idea.
Kai
On 12/20/06, Jörg Jahnke <[EMAIL PROTECTED]> wrote:
Hi Kai,
it were AFAIK http queries to our Product Update Service. That service
can be used to check whether a new release for Sun's OpenOffice.org and
StarOffice builds is available. Why there were so many queries I have no
idea yet. Any hints on how to find out?
Regards,
Jörg
Kai Backman schrieb:
> On 12/19/06, Jörg Jahnke <[EMAIL PROTECTED]> wrote:
>> We are trying to configure our firewall in a way that this IP
address is
>> going to be excluded and the service is running fine again.
>
> So did you figure out why this IP was sending a 100 qps to the server?
> What type of queries was it?
>
> Kai
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
