Hi there, since last week we´ve got a little
problem with our Webserverfarm. We get some strange Request from some
Dial-Up Accounts from Europe (T-Online; Telefonica; Orange...): Sep 21 22:47:35 logger: [Sun Sep 21
22:47:35 2008] [error] [client 87.183.65.xx] Invalid URI in request GET 347905
HTTP/1.0 Sep 21 22:47:35 logger: [Sun Sep 21 22:47:35 2008] [error] [client
87.183.65.xx] Invalid URI in request GET 341922 HTTP/1.0 This strange Request (GET 347905
HTTP/1.0 ) pass our Firewall (because it´s normal HTTP), goes to our Load balancer
and then to our Webserver. Only 1 Client make about 80-100 strange
Request per Minute and we get a peak on our Webserverfarm and finally after 5
Minutes the Webserver(s) get out of memory: Out of Memory: Kill process 12082
(apache) score 199722 and children. Out of memory: Killed process 19435
(apache). If we get a "DDOS" we make a
tcpdump and count the IPs (maximum 8 Dial Up Accounts) to block them on our
Firewall. I don´t find any about this strange
request on Google or some security boards. Is this a new kind of DDOS or just kiddy
stuff? If someone have some more information about this strange Request/DDOS it
would be very nice if he can send this to me. Kind Regards -- Andre Braun, IT Manager Turtle Entertainment GmbH |