tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark H. Wood" <mw...@IUPUI.Edu>
Subject Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404
Date Wed, 17 Apr 2013 12:49:30 GMT
On Tue, Apr 16, 2013 at 01:57:55PM -0300, chris derham wrote:
> > Or, another way of looking at this would be that for every 40 servers
> > scanned without a 404 delay, the same bot infrastructure within the same
> > time would only be able to scan 1 server if a 1 s 404 delay was implemented
> > by 50% of the webservers.
> 
> This assumes that the scanning software makes sequential requests.
> Assuming your suggestion was rolled out (which I think is a good idea
> in principal), wouldn't the scanners be updated to make concurrent
> async requests? At which point, you only end up adding 1 second to the
> total original time? Which kind of defeats it.
> 
> Again I'd like to state that I think you are onto a good idea, but the
> other important point is that some (most?) of these scans are run from
> botnets. These have zero cost (well for the bot farmers anyway). My
> point is even if the proposal worked, they don't care if their herd is
> held up a little longer - they are abusing other people
> computers/connections so it doesn't cost them anything directly.

Yes.  But someone *does* own the botted computers, and their own
operations are slightly affected.  I have wondered if there is some
way to make a bot so intrusive that many more owners will ask
themselves, "why is my computer so slow/weird/whatever?  I'd better
get it looked at.  Maybe I should install a virus scanner."  If bots
were killed at a much higher rate, that *would* affect the botnet
masters.  I have no idea how to make bots more visible by messing with
their attacks, just wondering.

Then again, my experience shows that when a computer slows down most
people either just live with the problem or buy a faster machine.  Ugh.

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Machines should not be friendly.  Machines should be obedient.

Mime
View raw message