Quote:
Originally posted by trap_jaw4
Did gtk-gnutella run on the same port as your httpd does now?
In that case, there is just some other host still sending the address of your httpd as alternate location.
And please, 1455 connection attempts within a couple of days is by far not a DoS attack. |
No. I have never run gtk-gnutella or any other gnutella servant on any other port but 6346/tcp.
Well, yesterday there was ~2000, and today there is still several hours left. Maybe someone is just trying to flood httpd-logs so partition /var will be full and it WILL cause a DoS. Fortunately I audit these things automaticly pretty good, but someone else may not.
Any ideas why LimeWire clients do this? I haven't yet notice any other servants but LimeWire. I myself have never used LimeWire or any GWebCache. Also the IP-address hasn't changed so it cannot be someone else's servant who previously was listening in 80/tcp.
The three latests:
[07/Jan/2004:18:02:28 +0200] (68.83.173.148 68.83.173.148) - - -> "GET /uri-res/N2R?urn:sha1:4R4VM2DXDTEMWEW3BIU6TEH42VHJLDSZ HTTP/1.1" - <- 403 405B 0s "LimeWire(Acquisition)/103.4" "-" 27740
[07/Jan/2004:18:07:44 +0200] (68.83.173.148 68.83.173.148) - - -> "GET /uri-res/N2R?urn:sha1:4R4VM2DXDTEMWEW3BIU6TEH42VHJLDSZ HTTP/1.1" - <- 403 405B 0s "LimeWire(Acquisition)/103.4" "-" 27741
[07/Jan/2004:18:19:08 +0200] (68.117.42.170 68.117.42.170) - - -> "GET /uri-res/N2R?urn:sha1:4R4VM2DXDTEMWEW3BIU6TEH42VHJLDSZ HTTP/1.1" - <- 403 405B 0s "LimeWire/3.5.8 (Pro)" "-" 27742