It's an annoyance . . . . . This is a standard worm attack. Patched IIS servers are immune. Tomcat should be immune (the fact that you are getting invalid URI entries in your log suggests that you are). Apache is immune.
This attack can still fill up IIS logs, while it just puts one entry in Apache and Tomcat logs. I think it can be used for DOS on IIS still, but that's about it. About once a week I run a little script that pulls these entries out of the log, and does a reverse lookup on the offenders. I can then do a whois to find out the ISP, and the abuse mail address. Unfortunately, many of these sites are basically home computers attached by DSL or cable modem. The owners are often unaware that their Win/2K or Win/NT boxes are launching these attacks. In short, outside of using Apache to redirect the attacks or possibly a content filtering firewall in front of your web server, there's not much that can be done. Welcome to the Internet for everyone . . . Just my two cents - /mde/ __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>