Anyone seeing a lot of these in their webserver logs?
208.202.180.4 - - [18/Sep/2001:11:19:31 -0700] "-" 408 -
I'm attempting to pattern-match this on my Cisco so I can drop the packets
at the front door. I can't seem to get a good pattern. Firing up snoop
yields:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 262 arrived at 11:35:57.88
ETHER: Packet size = 60 bytes
ETHER: Destination = 8:0:20:9d:e1:8a, Sun
ETHER: Source = 0:1:96:24:c2:41,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 40 bytes
IP: Identification = 19380
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 122 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 5ca8
IP: Source address = 208.178.66.12, 208.178.66.12
IP: Destination address = 208.178.117.2, Espresso.NEEBU.Net
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 3082
TCP: Destination port = 80 (HTTP)
TCP: Sequence number = 1100924065
TCP: Acknowledgement number = 2712346555
TCP: Data offset = 20 bytes
TCP: Flags = 0x10
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 8760
TCP: Checksum = 0x6128
TCP: Urgent pointer = 0
TCP: No options
TCP:
HTTP: ----- HTTP: -----
HTTP:
HTTP: ""
HTTP:
0: 0800 209d e18a 0001 9624 c241 0800 4500 .. ......$.A..E.
16: 0028 4bb4 4000 7a06 5ca8 d0b2 420c d0b2 .(K.@.z.\...B...
32: 7502 0c0a 0050 419e c4a1 a1ab 1fbb 5010 u....PA.......P.
48: 2238 6128 0000 0000 0000 0000 "8a(........
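Decoding the snoop hex dump above, as an added example that is not part of the original post: the script below re-reads the 60-byte frame from the four dump lines, walks Ethernet, IPv4 and TCP, verifies both Internet checksums (RFC 1071 one's-complement sums) against the values snoop printed, and measures the TCP payload, which is the only thing a content pattern could ever match. It uses only the bytes on the page and the Python standard library; no other input is assumed.

```python
"""Decode the snoop dump from the post: Ethernet -> IPv4 -> TCP, checksums, payload size.

Added example, not from the original post. Input is the hex dump exactly as snoop
printed it; nothing else is assumed.
"""
import re
import struct
from typing import Any, Dict

# The four dump lines copied verbatim from the snoop output in the post.
# Format per line: "<decimal offset>: <up to 8 hex words> <ASCII column>".
SNOOP_HEX_DUMP = r"""
0: 0800 209d e18a 0001 9624 c241 0800 4500 .. ......$.A..E.
16: 0028 4bb4 4000 7a06 5ca8 d0b2 420c d0b2 .(K.@.z.\...B...
32: 7502 0c0a 0050 419e c4a1 a1ab 1fbb 5010 u....PA.......P.
48: 2238 6128 0000 0000 0000 0000 "8a(........
"""

HEX_WORD = re.compile(r"^[0-9a-fA-F]{4}$")
TCP_FLAG_NAMES = ((0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"),
                  (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN"))


def parse_snoop_dump(dump: str) -> bytes:
    """Rebuild the raw frame from snoop's offset/hex/ASCII dump lines."""
    frame = bytearray()
    for line in dump.splitlines():
        line = line.strip()
        if not line:
            continue
        offset_text, _, rest = line.partition(":")
        if int(offset_text) != len(frame):
            raise ValueError(f"offset {offset_text} does not follow {len(frame)} bytes")
        # At most 8 words (16 bytes) per line; the ASCII column starts at the
        # first token that is not a 4-digit hex word.
        for token in rest.split()[:8]:
            if not HEX_WORD.match(token):
                break
            frame += bytes.fromhex(token)
    return bytes(frame)


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of big-endian 16-bit words, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum_is_valid(covered: bytes) -> bool:
    """Covered bytes (header, plus pseudo-header for TCP) with a correct stored checksum sum to 0xFFFF."""
    return ones_complement_sum(covered) == 0xFFFF


def decode_frame(frame: bytes) -> Dict[str, Any]:
    """Decode Ethernet/IPv4/TCP headers and return the fields a filter could key on."""
    eth_dst, eth_src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != 0x0800:
        raise ValueError(f"not IPv4: ethertype 0x{eth_type:04x}")
    ip = frame[14:]
    (ver_ihl, _tos, total_len, ident, flags_frag,
     ttl, proto, _ip_csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("expected IPv4 carrying TCP")
    ihl = (ver_ihl & 0x0F) * 4
    # Ethernet pads short frames to 60 bytes; total_len marks where the IP packet really ends.
    ip_packet = ip[:total_len]
    tcp = ip_packet[ihl:]
    (sport, dport, seq, ack, off_flags,
     window, _tcp_csum, _urg) = struct.unpack("!HHIIHHHH", tcp[:20])
    payload = tcp[(off_flags >> 12) * 4:]
    # The TCP checksum also covers a pseudo-header: addresses, zero, protocol, TCP length.
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, proto, len(tcp))
    return {
        "eth_src": ":".join(f"{b:02x}" for b in eth_src),
        "eth_dst": ":".join(f"{b:02x}" for b in eth_dst),
        "ip_src": ".".join(str(b) for b in src),
        "ip_dst": ".".join(str(b) for b in dst),
        "ip_id": ident, "ttl": ttl,
        "dont_fragment": bool(flags_frag & 0x4000),
        "ip_checksum_ok": checksum_is_valid(ip_packet[:ihl]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in TCP_FLAG_NAMES if off_flags & bit],
        "window": window,
        "tcp_checksum_ok": checksum_is_valid(pseudo + tcp),
        "payload_len": len(payload),
        "ethernet_padding": len(ip) - total_len,
    }


def decode_posted_frame() -> Dict[str, Any]:
    """Decode the frame from the post in one call."""
    return decode_frame(parse_snoop_dump(SNOOP_HEX_DUMP))


def summarize(info: Dict[str, Any]) -> str:
    """One-line view of the segment, in the spirit of a snoop summary line."""
    return (f"{info['ip_src']}:{info['sport']} -> {info['ip_dst']}:{info['dport']} "
            f"[{','.join(info['flags']) or 'none'}] seq={info['seq']} ack={info['ack']} "
            f"win={info['window']} payload={info['payload_len']}B "
            f"ipcsum={'ok' if info['ip_checksum_ok'] else 'BAD'} "
            f"tcpcsum={'ok' if info['tcp_checksum_ok'] else 'BAD'}")


if __name__ == "__main__":
    print(summarize(decode_posted_frame()))
```

Both checksums verify (0x5ca8 and 0x6128 are exactly what the bytes produce), so the dump is intact, and the arithmetic is the point: total length 40 = 20 bytes IPv4 + 20 bytes TCP, the remaining 6 bytes of the 60-byte frame are Ethernet padding, and the TCP payload is empty. Whatever is behind the 408 entries, this particular frame is a bare ACK carrying no HTTP data, so there is no content pattern to write for it; the only fields available are the layer 3 and 4 headers (addresses, ports, the ACK bit), which is also all a standard Cisco extended IP access list matches on.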