Mailinglist Archive: opensuse-security (359 mails)

< Previous Next >
Im under DoS attack!
  • From: Marcos Rojas <marcos1948@xxxxxxxxxxxx>
  • Date: Fri, 11 Jul 2003 18:35:32 -0300 (ART)
  • Message-id: <20030711213532.84401.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
Do someone know how can i protect my Server, Iptables rules, Susefirewall?

Now are only 3 IPs sources where the attack comes from (is a small one) ...

Should I filter the Ips with Iptables?

Example - apache-error-log:

[Fri Jul 11 15:27:10 2003] [error] [client xxx.xxx.xxx.xxx] request failed: erroneous characters after protocol string:
\t\x97\xf2|\xfbS?Xdm8\xd4\xfa\xca\x03\x11\xb1\xa1\xc8\"\x99\xd2\xb7\t\x04zN\xe1\xe7\xc4\xd4^\x83\x02*sD\xfb\xc2R\xe8\x87\xef\x99\xe5Za\xca\x06\x1e\xe8\x16\xd5\xa9#F\xe3\xe4\x7fD\xeb\x02\xc3\xe4\x01\x1b\xb1\xb0\x1b\x96%\xe6\x0cM\xa4\xc0\xb5\xeb8\xf7z\x99z\x8a\xf2\xda\xef\xbc\xe4\xb4\x99\\p\x11\xc6I\x89e-5\xab\x90\x12\x86Fe\xd7B2\x80+\x9fS\xb0\x1d{\xe0\xe1==x\xca\xbaeb\x1d\xc7g\x19\x01D\xba\b\xc1\x9b,\x92\xc5\xe7xU\xc2\\\x1b\xb0/\xe3b\x82\xf8\x05\xc75\x1f\xa0\xd2M\x1a\xab\xfe\x1c\xf4\x8bO\x9ae\xae\xc8\xcb:<A<\x99K\xc5\xd8\x8cV8\x04\xbd\xeb=\xe6\x7f\xa5W\t\x0fZN\x1f\x18\x95\xd3%|Gh\xadQ\xb9{\x1c\xe7\xdf\x98|\xd6$\xd6\xdc\xa38m\xe7Z\xc7\xe5M\x03\x89\xaa\x1dv\xc4wtq\x14\x10\\\xe7g0\xed\x9bK\xc1\xba\xeelSi\xf5X\xc7\xa1\xcf\x86L)6\x97\x19\v\xc9\x05]\xe7zZa\b\xd1j1\xda\xd37\x93\x9c\x1a\x05\x8c\xcbvj&\xde\xda\xa7q5w9\xc7K\"\xabU3\xfb\xaf\xd7APn\xa3\b\xbf\x1c\xe9\x84\x9b'\xb6\xecH-\xc6\x8e+j\xa1\x89\xd7\xc8\x95\xc2/\xf8\xa0\x0fC\x15\x85\xf5\x0c\x83 \xb6\\\x1c\xf5\x8b\x15\x8e\x10.\x98\
xfe

[Fri Jul 11 16:13:03 2003] [error] [client xxx.xxx.xxx.xxx] Invalid URI in request É#26;?¹">¦ñ©æt¨bf8Ó¿óÝ@©êNNËH¤ A$>É?¹

[Fri Jul 11 16:13:09 2003] [error] [client xxx.xxx.xxx.xxx] Invalid URI in request hInW‚|ÿ ègOž


[Fri Jul 11 16:13:18 2003] [error] [client xxx.xxx.xxx.xxx] request failed: erroneous characters after protocol string: \xbe\xb6\x18\xc4>\x81\x18\xe4\xc1\x8ei\xc2\xe9\x0cT\x1c\xd3\xaf\x85t?JXQ\xf0\xa0S\xa6Ww\xf3\x93k\xef\xacL\xdb\x13+Vg\xac\xde\xf8\x8b]\xb6\xf0_\xec,\xbb\x11\xb4\x0c\xb1g?\xfdb\b\x8f\xbdQ\xee\xf9\\\x1d\xd6\xa4v\xbce\xea\v\t\xa4\x02\x8a|\xb2\xdb/9\xbaK\x8fM#ir4\x067\xe0\x9e\xe4\x84~r\x98\x11\xb8\xf4\x19\xcbBg\xd3\xaa\xc3\xcf\x15\xb7h\xb9\t\xfe^\xad\xe8k8\x05z9\x91\xfa\xd6\xa8\xf1\x05o\xf7\xf5dQ\x91\xab\xfa\xa7\x82<]\x81/\xcd+\xd4C\xa6\x9c\xc2E\xc2\xec\xb7\xee/\xb0\x94
\x89\x1a.\x13\xb1\xdcw\xbfRC\xa3[]\xcf;\x1e\xb5\"nH-\x1b\xa8e\xafBg\xd0\xbdgIw\x1e\x86i\xde\xd1\xee\xebhF\xa2B\x1b\x96\xc1Yz\xccj\xc4Jh\xb2\xcf\xb8\xb1\\\x8a\xa4\xdaXn\xb0\xcc~C\x97'\x82A\xc0\x83%u\x14\xfa\xa8f\x0c\xeb\x86\xf8\x0e\xf9c\x92\xf9T?|\xfe:O\x1f\xad;R{\xa8W\x17'\xf7\xb3bd#\xc9\x97\x98JH}\xfe\x0ceC\x9c\xa7r\xc0v`\xb1\xff\x02&j\xfb\xdbr;\xa7\xb9q\xb02\xa1e\x14\x88YILk\x9b\x11\x8e\xb0\xf1\xe6\xcc\xfb;\xc2F\xa2M\xbe\x03\x9c\x0c\xb7\xb7\xdbtG\xea\xdd\xdf\xf3W\x7f\x85\xa6\x92\x11@_\xee\xaf\x92'\x9e\xce\xe9E\x1a\x15\"\xb3\xc4nKI\xb4\xa4n\xb5\xa0\x8b\xfb\x83\x0f\xfa\xbcS\xaaB\xd2\x8a\xd5\x8d\xcaU\x9b\t-\xea\xe5IR\x12\xf0\xe7v\xe3\xfeo\x0e\xd2Lx\\\xeaD\x14@W\xf2kQ'\xbc\xa2V\xc5iY\xe6RGs\xc0\x8fm\xa7j\xfa0\x8cv\xecZN\xa8's\xeb\\\xae?\xa3\"\xd9\x88\xa9\xaa\xa8\x1e\x1f\xe7X\x1bBo4k\xe0!\xae\x8c\x13\v\xae\x93S:i_b\\V\xdeK\xa5\xad~\xc0\x8dY\x8d\x9c\x17\xa3<%

and so on ...

Please help me :(

Marcos



---------------------------------
Internet GRATIS es Yahoo! Conexión.
Usuario: yahoo; contraseña: yahoo
Desde Buenos Aires: 4004-1010
Más ciudades: clic aquí.
< Previous Next >
This Thread
  • No further messages