Possible attack; opinions wanted
Bill Horne
bill at horne.net
Wed Jul 17 12:08:50 EDT 2002
Thanks to everyone for their help. Some answers to your questions:
---- Original Message -----
From: "Nathan Meyers" <nmeyers at javalinux.net>
To: "Bill Horne" <bill at horne.net>
Cc: <discuss at blu.org>
Sent: Wednesday, July 17, 2002 11:40 AM
Subject: Re: Possible attack; opinions wanted
> On Wed, Jul 17, 2002 at 11:41:43AM -0400, Bill Horne wrote:
> > Thanks for reading this. I'm trying to figure if my server is being
attacked, or just probed: please take a look at the httpd error log segment
located at http://billhorne.homelinux.org/hacklog.html.
>
> And the difference between attacking and probing is - what? - whether
> you're being personally targeted? FWIW, I'd call it an attack - by a
> Windows IIS virus looking to propagate itself.
I'm probably using the wrong terms: I consider an "attack" to be an entry
attempt specifically targeted at my machine by a human. Everything else is a
probe.
Does anyone have the virus alert page handy? It's tried a variety of errors,
which is why I thought it an attack.
----
----- Original Message -----
>From: Keller, Tim
>To: 'Bill Horne'
>Sent: Wednesday, July 17, 2002 11:33 AM
>Subject: RE: Possible attack; opinions wanted
>You are being attacked, but its an attack against IIS, not apache. I just
checked and in the >last 2 days, I've gotten 40000 of this entries on my
external web server.
>Your not in any danger, it's more an annoyance than anything else.
>Tim.
OK, the heat's off then. I had thought a human was targeting my IP
one-on-one.
---
>FROM: Phil Buckley
>You could report the offender up the line so he at least becomes aware
>that he's being a pain in the ass.
>Phil
Already done: pajo networks in LA.
Bill
More information about the Discuss
mailing list