North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Dos attack?

  • From: guy
  • Date: Tue Oct 21 09:10:03 2003

	You should start with your upstream's security dept. They may have
seen either this incident, a related one, or both. And they more than
likely have resources at other transit providers' security depts. You pay
for their service, you may as well use it, right?



We are getting a LOT of web requests containing what mostly looks like

[Mon Oct 20 21:13:42 2003] [error] [client] request
failed: erroneous characters after protocol string:

But this is not the standard Microsoft worm stuff that I can tell. It is
coming from numerous IP addresses and nearly took down a few of our
servers until we started blocking them with the firewall. So I am trying
to find out as much as I can about what is happening, but I don't really
know where to start. I don't believe it is considered approperiate to
send a list of IPs to this list. So where should I start? The list so
far contains about 60 addresses.