On 8/23/06, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
> I am curious as to whether it is possible that the three steps of the TCP
> connection are bypassed somehow, or not completed, when it is connecting
> directly to the Apache server on OpenBSD? I wouldn't think so, but maybe
> I am missing something or not understanding something here.
>
> I am asking as I have what I would consider an attack on my web servers
> that keeps growing by the day and that started a few weeks ago. Maybe
> something else as well, but with the logs I collected so far I would
> think either an attack from a webbot network of some sort, or an attack
> from a source of spoofed IPs.
>
> Why the last possibility? Well, I always see the same thing in the logs,
> where multiple sources are all requesting the same valid URL (shouldn't
> be much traffic on it as it is 2+ years old) but this comes a lot.

No, it's not possible to bypass the handshake. These must be zombie
hosts. Compromised Windows boxes go for 5 cents, I hear. You should try
to figure out who would want to do this to you.
-Nick
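
An added example, not part of the original thread: one way to measure the pattern described above (many distinct sources requesting the same URL) from an Apache access log. It assumes the common/combined log format; the sample lines, addresses, paths and the `min_sources` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache common/combined format: host ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation-range addresses, hypothetical paths).
SAMPLE_LOG = """\
192.0.2.10 - - [23/Aug/2006:10:00:01 -0400] "GET /old/page.html HTTP/1.1" 200 5120
198.51.100.7 - - [23/Aug/2006:10:00:01 -0400] "GET /old/page.html HTTP/1.1" 200 5120
203.0.113.44 - - [23/Aug/2006:10:00:02 -0400] "GET /old/page.html?x=1 HTTP/1.0" 200 5120
192.0.2.99 - - [23/Aug/2006:10:00:02 -0400] "GET /old/page.html HTTP/1.1" 200 5120
192.0.2.10 - - [23/Aug/2006:10:00:03 -0400] "GET /index.html HTTP/1.1" 200 2048
192.0.2.10 - - [23/Aug/2006:10:00:04 -0400] "GET /index.html HTTP/1.1" 304 0
garbage line that does not parse
"""

def sources_per_url(lines):
    """Map each requested path to {client address: request count}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        host, _method, path, _status = m.groups()
        path = path.split("?", 1)[0]  # group by path, ignoring the query string
        hits[path][host] += 1
    return hits

def flag_fanin(hits, min_sources=3):
    """Return (path, distinct_sources, total_requests) for paths requested by
    at least min_sources distinct clients, most sources first."""
    rows = [(p, len(h), sum(h.values()))
            for p, h in hits.items() if len(h) >= min_sources]
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))

if __name__ == "__main__":
    for path, nsrc, total in flag_fanin(sources_per_url(SAMPLE_LOG.splitlines())):
        print(f"{path}: {nsrc} distinct sources, {total} requests")
```

A path with a high distinct-source count and few requests per source is the distributed pattern; a high request count from one source is a different problem and shows up in the third column instead.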