From: Tom Cat on
I was looking over last month's web logs, and noticed that an obscure
and usually unpopular page had suddenly become one of my top 5 most
requested pages. A little research found over 99% of the 10,000+ hits
on the page were from one single host in the .ru domain.

I can't imagine why anyone from Russia would want to look at that page.
I also can't understand what they're trying to do. There does not
appear to be a hack attempt. They only requested the page just over
10,000 times. Actually they requested the pagename with a %20 appended
to it, so all they got was a 404 error and really didn't consume much
bandwidth. Therefore I don't think this was an attempt to knock me off
the net.

Does anyone know what they might be up to? Should I have my firewall
block them?

Thanks,

-Tom

From: Moe Trin on
In the Usenet newsgroup comp.security.firewalls, in article
<1128519187.145444.78980(a)g49g2000cwa.googlegroups.com>, Tom Cat wrote:

>A little research found over 99% of the 10,000+ hits on the page were
>from one single host in the .ru domain.

Misconfigured 'wget' script, or a proxy server at a school where someone
had put a note on the wall "For a good time, goto <mumble>.time.html"
[For non-US - there's an old joke about a small sign in a public phone
kiosk with those words - and a phone number like '555-1234' which many
phone companies here use for a talking clock reporting the correct local
time.]

>Actually they requested the pagename with a %20 appended to it, so all
>they got was a 404 error and really didn't consume much bandwidth.

%20 is a space. Are you saying it's like "http://foo.bar.baz.html "? I'd
be looking to see where they could be getting the hint that your page
even exists - and if that _other_ page has the space error. Doing a
google search may turn it up if the referral is not yours.

I'd _also_ look at your page name and see if it couldn't be being
confused with some other site - as an example, your site being
called 'foo.bar.baz.us' and these guys looking for 'foo.bar.baz.ua'
or 'foo.bar.baz.su'.

>Should I have my firewall block them?

That's up to you. Do you have any reason for or against serving pages
to that TLD?

Old guy

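
An added example, not part of the original posts: one way to run the check suggested above, grouping 404s whose requested path ends in an encoded space by client and listing the referrer each client sent, so the page carrying the broken link can be found. It assumes Apache combined log format; the log lines, addresses, host names and the function name `trailing_space_404s` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Constructed sample in Apache combined log format (not data from the thread).
_REPEAT = ('198.51.100.7 - - [05/Oct/2005:10:00:0{i} +0000] "GET /notes/old.html%20 '
           'HTTP/1.0" 404 208 "http://links.example/list.html" "Wget/1.9"')
SAMPLE_LOG = "\n".join([_REPEAT.format(i=i) for i in range(4)] + [
    '203.0.113.9 - - [05/Oct/2005:10:01:00 +0000] "GET /notes/old.html HTTP/1.1" '
    '200 5120 "-" "Mozilla/4.0"',
    '203.0.113.9 - - [05/Oct/2005:10:01:05 +0000] "GET /missing.html HTTP/1.1" '
    '404 208 "-" "Mozilla/4.0"',
    '192.0.2.4 - - [05/Oct/2005:10:02:00 +0000] "GET /index.html%20 HTTP/1.1" '
    '404 208 "-" "Mozilla/4.0"',
])

LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"')


def trailing_space_404s(log_text, min_hits=3):
    """Report (host, path) pairs whose 404s come from a trailing encoded space."""
    hits = Counter()
    referers = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue
        decoded = unquote(m["path"])          # "%20" becomes " "
        intended = decoded.rstrip()
        if intended == decoded:
            continue                          # an ordinary 404, not this pattern
        key = (m["host"], intended)
        hits[key] += 1
        referers[key][m["referer"]] += 1      # "-" means no Referer was sent
    return [
        {"host": host, "intended_path": path, "hits": n,
         "top_referer": referers[(host, path)].most_common(1)[0][0]}
        for (host, path), n in hits.most_common() if n >= min_hits
    ]


if __name__ == "__main__":
    for row in trailing_space_404s(SAMPLE_LOG):
        print(row)
```

A `top_referer` of `-` means the client sent no Referer header, which points toward a script or a hand-typed URL rather than a followed link.
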
From: smilemac on

"Tom Cat" <stry_cat(a)yahoo.com> wrote in message
1128519187.145444.78980(a)g49g2000cwa.googlegroups.com...
> I was looking over last month's web logs, and noticed that an obscure
> and usually unpopular page had suddenly become one of my top 5 most
> requested pages. A little research found over 99% of the 10,000+ hits
> on the page were from one single host in the .ru domain.
>
> I can't imagine why anyone from Russia would want to look at that page.
> I also can't understand what they're trying to do. There does not
> appear to be a hack attempt. They only requested the page just over
> 10,000 times. Actually they requested the pagename with a %20 appended
> to it, so all they got was a 404 error and really didn't consume much
> bandwidth. Therefore I don't think this was an attempt to knock me off
> the net.
>
> Does anyone know what they might be up to? Should I have my firewall
> block them?
>
> Thanks,
>
> -Tom
>

Yes, you should block it.



From: Frankster on

"Leythos" <void(a)nowhere.lan> wrote in message
> Any address that is not part of your customer base or target market
> should be blocked. There is no reason to allow access to a web server
> for the entire world, unless your target is the entire world.
>
> We block most Asian and eastern countries by default since we don't do
> any business with them - it's cut our chatter down by some 80% - we
> block entire subnets in foreign countries, which also cuts down on spam.

Leythos, you live in a dream world.

-Frank


From: Frankster on

"Leythos" <void(a)nowhere.lan> wrote in message
news:MPG.1daf14b7b541d04998a1ea(a)news-server.columbus.rr.com...
> In article <k9-dnREINuNi1NjenZ2dnUVZ_sqdnZ2d(a)giganews.com>,
> Frank(a)SPAM2TRASH.com says...
>>
>> "Leythos" <void(a)nowhere.lan> wrote in message
>> > Any address that is not part of your customer base or target market
>> > should be blocked. There is no reason to allow access to a web server
>> > for the entire world, unless your target is the entire world.
>> >
>> > We block most Asian and eastern countries by default since we don't do
>> > any business with them - it's cut our chatter down by some 80% - we
>> > block entire subnets in foreign countries, which also cuts down on
>> > spam.
>>
>> Leythos, you live in a dream world.
>
> Nice comment - please elaborate on that.

Sure. I'm just happy for you that your customers know the IPs of their
target market. They are lucky dudes, I'd say.

-Frank