packdragon
IS-IT--Management
We hav a web server (behind a firewall) that has tons and tons of web log entries that look like this:
2004-02-18 00:15:37 66.12.130.190 - 172.16.201.65 80 SEARCH /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAddddrfsmlgrpehggpdidjlfrjikljijljljskgkhjlipkgkjjgloqpidjndjjndfididjlddddddhdigssejlgslsskhfmlosljnddlopjlgpdelidloilsp
...
This actually goes on and on across numerous lines (I only copied a few lines so you get an idea of what I'm seeing). I'm guessing this is someone trying to do a buffer overflow on the web server? Entries like this happen over and over again.
My question is this: Is there some kind of monitoring software for Windows 2000 Server that can look for crap like this and deny access to the offending IP address? Kind of like locking out users who enter a bad password too many times.
- Zoe, that's ZOH-EEE, get it right please
- Just a little ol' MCP at Solien Technology
-
2004-02-18 00:15:37 66.12.130.190 - 172.16.201.65 80 SEARCH /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAddddrfsmlgrpehggpdidjlfrjikljijljljskgkhjlipkgkjjgloqpidjndjjndfididjlddddddhdigssejlgslsskhfmlosljnddlopjlgpdelidloilsp
...
This actually goes on and on across numerous lines (I only copied a few lines so you get an idea of what I'm seeing). I'm guessing this is someone trying to do a buffer overflow on the web server? Entries like this happen over and over again.
My question is this: Is there some kind of monitoring software for Windows 2000 Server that can look for crap like this and deny access to the offending IP address? Kind of like locking out users who enter a bad password too many times.
- Zoe, that's ZOH-EEE, get it right please
- Just a little ol' MCP at Solien Technology
-
