tomcat-users mailing list archives

From Pïd stèr <...@pidster.com>
Subject Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404
Date Tue, 16 Apr 2013 17:55:42 GMT
On 16 Apr 2013, at 17:58, chris derham <chris@derham.me.uk> wrote:

>> Or, another way of looking at this would be that for every 40 servers
>> scanned without a 404 delay, the same bot infrastructure within the same
>> time would only be able to scan 1 server if a 1 s 404 delay was implemented
>> by 50% of the webservers.
>
> This assumes that the scanning software makes sequential requests.
> Assuming your suggestion was rolled out (which I think is a good idea
> in principle), wouldn't the scanners be updated to make concurrent
> async requests? At which point, you only end up adding 1 second to the
> total original time? Which kind of defeats it.
>
> Again I'd like to state that I think you are onto a good idea, but the
> other important point is that some (most?) of these scans are run from
> botnets. These have zero cost (well for the bot farmers anyway). My
> point is even if the proposal worked, they don't care if their herd is
> held up a little longer - they are abusing other people's
> computers/connections so it doesn't cost them anything directly.
>
> Sorry but those are my thoughts

I tend to agree. Effort will just be expended elsewhere, and that's
assuming this would have enough of an impact to be noticed.


p



>
> Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
