On Tue, Jul 13, 2010 at 2:01 PM, Sakthi Esakiappan <sakthi.esakiappan@xxxxxxxxxxxxxxxx> wrote: > Any information guys... > > On 13 July 2010 10:16, Sakthi Esakiappan > <sakthi.esakiappan@xxxxxxxxxxxxxxxx> wrote: >> >> Hello, >> >> Hack attempt is made in one of our server. The hacker used string >> "w00tw00t.at.ISC.SANS.DFind" to continuously generate 400 Bad request to our >> server. He is capable of generating very large number of request in a short >> time from various IPs. >> >> I have hardened apache for handling this error code. Now I want to verify >> the same, so can any one suggest me how to regenerate 400 Bad request to a >> server. It would be also helpful if any information about how to prevent >> these types of attacks. >> This isn't an 'attack', it is a probe. If you wish to prevent people from probing your web server, take it off the internet. If you want to generate a bad request, it is easier than you think: > $ echo "This isnt a proper request" | nc strangepork 80 HTTP/1.1 400 Bad Request Date: Tue, 13 Jul 2010 13:23:46 GMT Server: Apache/2.2.15 (FreeBSD) mod_fastcgi/2.4.6 mod_ssl/2.2.15 OpenSSL/0.9.8e DAV/2 mod_wsgi/2.8 Python/2.6.5 mod_scgi/1.12 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>400 Bad Request</title> </head><body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<br /> </p> </body></html> Cheers Tom --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|