Date:      Wed, 16 Oct 2002 19:57:37 +1000
From:      "Arkadi Kosmynin" <ank@ozinsight.com>
To:        "Andre Hall" <ahall@pcgameauthority.com>, <freebsd-isp@FreeBSD.ORG>
Subject:   Re: An attack? Does it happen to anybody else?
Message-ID:  <001501c274fa$79a64120$0200a8c0@anna>
References:  <200210151537.g9FFbrXx043467@inetworx.pcgameauthority.com>

I wish it were so. Ozway is software for ISPs only, not for home use. Even
though it is freeware, it is hard to imagine that suddenly almost 200 copies
were downloaded by 200 ISPs via the same IP address.


----- Original Message -----
From: "Andre Hall" <ahall@pcgameauthority.com>
To: "Arkadi Kosmynin" <ank@ozinsight.com>; <freebsd-isp@FreeBSD.ORG>
Sent: Wednesday, October 16, 2002 1:37 AM
Subject: Re: An attack? Does it happen to anybody else?


> What they are downloading seems to be publicly available on your
> site. I searched Google for Ozway-401 and I was directed to your web
> site where I found this:
>
>
> Product Name OzWay - Binary Enhanced Web Gateway
> Great Introduction to the Usenet
>
> Download Files  ozway-401.tar.gz
>  File Size : 771.66Kb
>  Version : 4.01
>  Release Date: 11th Oct 2002
>
> Other Files  manual.php
>
> System Requirements
>  FreeBSD 4.6.
> Linux RedHat 7.3.
> Windows NT/2000/XP.
>
> Appears to be just a group of people who like your software.
>
>
>
>
>
>
> > Thanks Benjamin,
> >
> >
> > Sorry about neglecting to provide more complete information. It was HTTP.
> > The content is publicly available. All requests were like this:
> >
> >
> > 212.160.201.118 - - [12/Oct/2002:05:09:07 -0500] "GET /client/ozum286.zip?Cache HTTP/1.0" 200 1757520
> >
> > 213.17.138.154 - - [12/Oct/2002:05:09:13 -0500] "GET /client/ozum286.zip?Cache HTTP/1.0" 200 1339080
> >
> > 195.210.137.130 - - [14/Oct/2002:08:09:22 -0500] "GET /download/ozway/ozway-401.tar.gz HTTP/1.0" 200 119838
> >
> > I don't think this is an attack, really. Looks more like a virus or a broken
> > automatic downloader of some kind. This is why I would like to know if it
> > happened to anyone else. And the hosts don't seem to be closely related. Two
> > are from Poland and one from Russia.
> >
> > I ignored the first two incidents, but now it seems to be a tendency...
> >
> > Arkadi.
> >
> > ----- Original Message -----
> > From: "Benjamin Krueger" <benjamin@seattlefenix.net>
> > To: "Arkadi Kosmynin" <ank@ozinsight.com>
> > Cc: <freebsd-isp@FreeBSD.ORG>
> > Sent: Tuesday, October 15, 2002 9:02 PM
> > Subject: Re: An attack? Does it happen to anybody else?
> >
> >
> > > * Arkadi Kosmynin (ank@ozinsight.com) [021015 03:21]:
> > > > Hi,
> > > >
> > > >
> > > > There were 3 incidents of high volume downloading from our site during the
> > > > past week. I can't understand what is going on and would appreciate any info
> > > > on the issue.
> > > >
> > > > I checked our logs:
> > > >
> > > > Folks from 195.210.137.130 downloaded ~140MB of the same file.
> > > > Folks from 212.160.201.118 ~ 350MB.
> > > > Folks from 213.17.138.154 ~ 590MB.
> > > >
> > > > This hurts us. What can I do about it?
> > > >
> > > >
> > > > Thanks,
> > > >
> > > > Arkadi.
> > >
> > >   You neglect to mention what service (ftp, http?) this is affecting, what they
> > > were downloading, and whether the content is publicly available. Personally, I
> > > never recommend that one assume every painful action on the internet is malicious.
> > > Often folks end up acting hostile in return, only to find that the problem was
> > > simply misconfigured software or a misguided server administrator.
> > >
> > >   If it hurts, stop it. Block the hosts at the firewall, contact the administrator
> > > of those machines or that network space, remove or move the files, use tcp wrappers
> > > to lock them out, implement rate limiting, hide the content behind a username and
> > > password, or cry. All are reasonable options, and all but one are productive.
> > >
> > > --
> > > Benjamin Krueger
> > > ----------------------------------------------------------------
> > > Send mail w/ subject 'send public key' or query for (0x251A4B18)
> > > Fingerprint = A642 F299 C1C1 C828 F186  A851 CFF0 7711 251A 4B18
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
> >
> >
>
> --
> NeoMail - Webmail that doesn't suck... as much.
> http://neomail.sourceforge.net

