Date: Fri, 4 Jun 1999 22:20:02 +0100
From: Ben Smithurst
To: Chris
Cc: security@FreeBSD.ORG
Subject: Re: Net abuse/DOS with Teleport Pro ?
Message-ID: <19990604222002.A23089@rainbow5.scientia.demon.co.uk>
References: <199906041843.EAA08014@mail.aussie.org>
In-Reply-To: <199906041843.EAA08014@mail.aussie.org>

Chris wrote:

> During two periods over two days, a person using an agent that identified
> itself as 'Teleport Pro/1.26' made over ---THIRTY THOUSAND--- hits on my web
> server (at a rate of roughly one per second), repeatedly asking for the same
> (or similar) rubbish URL, as such ...
>
> /Docs/?S=A?M=A?N=A?S=D?N=A?S=D?S=D
> /Docs/?S=A?M=A?N=A?S=D?N=A?S=D?S=A
> /Docs/?S=A?M=A?N=A?S=D?N=A?S=D?S=M
>
> and a number of variations of this. All came from the same IP address.
>
> I have not used this software and am unaware of its abilities, but I am
> amazed that any responsible firm would distribute software that could be so
> easily abused in this way. What it is doing seems, to me, to be either a user
> doing something silly, or a bug in Teleport Pro (more likely the latter).

Teleport Pro is a program which fetches websites by following all links
to a certain depth, for offline viewing. Looks like it got caught in
one of Apache's directory indexes and got confused. I'd say it's a bug
in Teleport Pro, not interpreting the links properly, and not any
deliberate abuse.

-- 
Ben Smithurst
ben@scientia.demon.co.uk
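An added example, not part of the original thread and not code from Teleport Pro or Apache: a log check that flags clients repeatedly requesting the stacked `?S=A?M=A...` form quoted above, shown next to standard relative-link resolution of a directory-index sort link. The append-style `naive_follow`, the function names, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urljoin

# Combined Log Format; we only need client IP, request URL and user agent.
LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"')
SORT_KEY = re.compile(r"[A-Z]=[A-Z]")  # one index sort key as quoted in the post, e.g. S=A

def naive_follow(current_url, href):
    """Assumed buggy crawler behaviour: append the href to the current URL."""
    return current_url + href

def stacked_depth(url):
    """Number of sort keys chained with '?'; a well-formed URL has at most 1."""
    _, sep, query = url.partition("?")
    parts = query.split("?") if sep else []
    return len(parts) if parts and all(SORT_KEY.fullmatch(p) for p in parts) else 0

def find_loopers(log_lines, min_hits=3):
    """Return {(ip, agent): hits} for clients repeatedly requesting stacked URLs."""
    hits = Counter()
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and stacked_depth(m.group(2)) >= 2:
            hits[(m.group(1), m.group(3))] += 1
    return {client: n for client, n in hits.items() if n >= min_hits}

# Constructed sample log: 192.0.2.7 requests the URLs quoted in the post,
# 198.51.100.9 is a normal browser using a single sort link.
STAMP = "[04/Jun/1999:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.7 - - {STAMP} "GET /Docs/?S=A?M=A?N=A?S=D?N=A?S=D?S={k} HTTP/1.0" '
    f'200 512 "-" "Teleport Pro/1.26"' for k in "DAM"
] + [f'198.51.100.9 - - {STAMP} "GET /Docs/?M=A HTTP/1.0" 200 512 "-" "Mozilla/4.5"']

if __name__ == "__main__":
    base = "http://example.test/Docs/?S=A"  # placeholder host
    print(urljoin(base, "?M=A"))       # standard resolution replaces the query
    print(naive_follow(base, "?M=A"))  # appending yields the stacked form
    print(find_loopers(SAMPLE_LOG))
```

Each appended link produces a new URL that still returns the index page, so a crawler resolving links this way never runs out of "new" pages until its depth limit stops it.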