[NBLUG/talk] webserver abuse (OT response)

Ron Wickersham rjw at alembic.com
Mon Jan 24 16:52:08 PST 2005


On Mon, 24 Jan 2005, Bob Blick wrote:

---snip---

> that, and it was all from one ip address, 80.191.167.5 which was going

--snip---

> Does anyone have any ideas how best to do this, or links?

hi Bob,

looked at the address as you did and saw the Kerman Regional Electric
Company.  so just for fun went to a shell box remotely located and
telneted to port 80.

# telnet 80.191.167.5 80
Trying 80.191.167.5...
Connected to 80.191.167.5.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Tue, 25 Jan 2005 00:19:58 GMT
Server: Apache/2.0.52 (Fedora)
Last-Modified: Sat, 11 Dec 2004 09:20:04 GMT
ETag: "71dfb-5a46-93937900"
Accept-Ranges: bytes
Content-Length: 23110
Connection: close

and since it had a web server did a GET / and at the bottom what came up
had Toby Oetiker's sig for a MRTG page.

well figuring that's safe to look at, so had a look on a browser, and
there's 41 index graphs (that'll eat some serious perl cycles every 5
minutes cause all the .png's are rebuilt every 5 min - most would use
RRDTool for a collection that big so the graphs are built on demand only
when someone looks at them).   anyway, have a look and if enough of us
look then we'll use some bandwidth back ;-).

-ron

--
/~\  The ASCII Ribbon Campaign
\ /    No HTML/RTF in email
 X     No Word docs in email
/ \  Respect for open standards





More information about the talk mailing list