James,
what made me think this is that about 11pm every night this past week that
ip address would connect into my system and make over 100 connections and
stay connected for three and four hours at a time. It wouldnt have bothered
me to much if it was just once but this has happened at the same IP ADDRESS
203.81.66.17 and time of night everynight this week. Just seemed kinda fishy
to me.
In my view i dont see any need for one system(IP) alone to make that many
requests and tie up the rest of the internet connection.
and in regaurds to a possible exploit i dont think anyting like that
happened.
Thanks for your response,
Andy Rowe
Mirror Administrator http://apache.roweboat.net
[EMAIL PROTECTED]
- Original Message -
From: "James" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 18, 2004 12:59 AM
Subject: Re: to all mirrors
On Thu, Nov 18, 2004 at 12:56:27AM -0600, Andy Rowe wrote:
hi all,
not sure if this has happpened to anyone but i have been getting a DoS
from ip address 203.81.66.17
I do see this IP address in my logs but they are all legitimate
download requests as far as I can see.
anyways i have permanetly blocked this ip address access to my server at
http://apache.roweboat.net
What kind of abuse/"DoS" attack was it? Was it attempt to exploit
vulnerability? or?
Thanks for heads up.
-J
--
James JunTowardEX
Technologies, Inc.
Technical Lead Boston IPv4/IPv6 Web Hosting,
Colocation and
[EMAIL PROTECTED]Network design/consulting & configuration
services
cell: 1(978)-394-2867 web: http://www.towardex.com , noc:
www.twdx.net
