Date: Fri, 4 Jun 1999 21:54:58 -0700 (PDT) From: Brook Miles <forger@bcgrizzly.com> To: Chris <cconel@aussie.org> Cc: "security@FreeBSD.ORG" <security@FreeBSD.ORG> Subject: Re: Net abuse/DOS with Teleport Pro ? Message-ID: <Pine.BSF.4.02A.9906042137200.15844-100000@kodiak.bcgrizzly.com> In-Reply-To: <199906041843.EAA08014@mail.aussie.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 5 Jun 1999, Chris wrote: > Upon processing my logs for the past few days, I noted an anamoly with regard > to one particular directory. I checked out the logs manually. > > During two periods over two days, a person using a agent that identified > itself as 'Teleport Pro/1.26' made over ---THIRTY THOUSAND--- hits on my web > server (at a rate of roughly one per second), repeatedly asking for the same > (or similar) rubbish URL, as such ... > > /Docs/?S=A?M=A?N=A?S=D?N=A?S=D?S=D > /Docs/?S=A?M=A?N=A?S=D?N=A?S=D?S=A > /Docs/?S=A?M=A?N=A?S=D?N=A?S=D?S=M > > and a number of variations of this. All came from the same IP address. > > I have not used this software and am unaware of its abilities, but I am > amazed that any responsible firm would distribute software that could be so > easily abused in this way. What it is doing seems, to me, to be either a user > doing something silly, or a bug in teleport pro (more likely the latter). > > Anyone seen this ? > > -- Chris If you view the /Docs/ directory with a web-browser you will likely be presented with the directory listing and automatically generated links labeled "Name", "Last Modified" and so on above the columns...clicking on "Name" for example links to /Docs/?N=D which will give you the same list but sorted by name in descending order. The websucker this person is using has put itself into a possibly infinite loop, recursivly following the links to the same page...only sorted differently each time. Also it appearently doesn't properly understand relative urls of the type "?N=A" as it is appending them each time instead of replacing them. This is something the vender should seriously consider fixing. Whoever is running the program should have imposed a limit on the depth of recursive retreivals or the number of pages it would download. This is deffinitely a very silly thing on the part of the user. +--- | Brook Miles <forger@bcgrizzly.com> | A spec of cosmic dust... with attitude. +-------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02A.9906042137200.15844-100000>