David C. Rankin wrote:
I admit, I draw blanks trying to interpret whether what I'm seeing is legitimate or not. Whatever this bot is, it caused enough traffic to completely filled the scroll-buffer of my xterm in less than 1 second?? I have made the scroll buffer lines that I was able to catch available in hopes somebody can take a peek and let me know if it looks normal:
http://www.3111skyline.com/download/webdev/dos/access_log-20090215
Also, I raised the firewall and added a custom rule to take all traffic from 66.249.0.0/24 and redirected to port 9345 (unassigned). Hopefully this works like an iptables drop. If not or if it will cause problems, somebody please let me know.
Any knowledge you can give to help me sort through this will be appreciated. Thanks.
Also, since I have always hated the firewall, I don't know how well it is ^\(mis\)*configured. So if you have problems getting to the site, let me know and I'll try again;-) -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org