Anyone from Barracuda on the list or have a contact? I have a screenshot and logs showing a lot of concurrent accesses from 209.222.82.X which appears to be IPs for ess barracuda. I'd normally call it a DOS attack. Looks like robots gone bad but they aren't using a proper robot tag or honoring the robots.txt crawl-delay either:
209.222.82.234 - - [01/Apr/2020:14:37:25 -0400] "GET / HTTP/1.0" 200 11771 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; W OW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.234.236551585766180153" 209.222.82.235 - - [01/Apr/2020:14:43:30 -0400] "GET / HTTP/1.0" 200 8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.235.236671585766183863" 209.222.82.229 - - [01/Apr/2020:14:45:00 -0400] "GET / HTTP/1.0" 200 8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.229.23733158576618728" 209.222.82.232 - - [01/Apr/2020:14:45:01 -0400] "GET / HTTP/1.0" 200 8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.232.23651158576618449" 209.222.82.235 - - [01/Apr/2020:14:45:08 -0400] "GET / HTTP/1.0" 200 11680 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; W OW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.235.123711585766184763" 209.222.82.235 - - [01/Apr/2020:14:45:09 -0400] "GET / HTTP/1.0" 200 11680 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; W OW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.235.123691585766185460" 209.222.82.235 - - [01/Apr/2020:14:45:15 -0400] "GET / HTTP/1.0" 200 8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.235.123721585766186775" 209.222.82.230 - - [01/Apr/2020:14:45:16 -0400] "GET / HTTP/1.0" 200 8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.230.237121585766186232" 209.222.82.229 - - [01/Apr/2020:14:45:16 -0400] "GET / HTTP/1.0" 200 8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.229.236641585766185777" 209.222.82.228 - - [01/Apr/2020:14:45:17 -0400] "GET / HTTP/1.0" 200 8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.228.23666158576618427" 209.222.82.228 - - [01/Apr/2020:14:45:17 -0400] "GET / HTTP/1.0" 200 11680 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; W OW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.228.236531585766184100" 209.222.82.231 - - [01/Apr/2020:14:45:19 -0400] "GET / HTTP/1.0" 200 8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.231.236571585766184178" 209.222.82.232 - - [01/Apr/2020:14:45:21 -0400] "GET / HTTP/1.0" 200 8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.232.237341585766187267" 209.222.82.229 - - [01/Apr/2020:14:45:21 -0400] "GET / HTTP/1.0" 200 8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.229.123701585766184123" 209.222.82.235 - - [01/Apr/2020:14:45:23 -0400] "GET / HTTP/1.0" 200 11680 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; W OW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.235.237601585766188315" 209.222.82.231 - - [01/Apr/2020:14:45:23 -0400] "GET / HTTP/1.0" 200 8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.231.237591585766188286" 209.222.82.230 - - [01/Apr/2020:16:03:21 -0400] "GET / HTTP/1.0" 200 11771 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; W OW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "209.222.82.230.8481585771256694" Regards, KAM -- *Kevin A. McGrail* CEO Emeritus Peregrine Computer Consultants Corporation 10311 Cascade Lane Fairfax, VA 22032 http://www.pccc.com/ 703-359-9700 / 800-823-8402 (Toll-Free) 703-798-0171 (wireless) kmcgr...@pccc.com <mailto:kmcgr...@pccc.com> https://www.linkedin.com/in/kmcgrail
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop