Odd HTTP queries ("Invalid method in request") seen as of 16/Oct/2007:22:25:27 -0700
David Wolfskill
david at catwhisker.org
Thu Oct 18 05:36:08 PDT 2007
Well, after seeing a bunch more of these "Invalid method in request"
log entries yesterday, I decided that the novelty had worn off, and I
was a bit tired of it. And I noticed that there was a fair amount of
repetition (in source IP addresses).

I already use a couple of IPFW tables for blocking certain traffic from
collections of netblocks: I block all traffic in either direction for
table 1 (that's reserved for netblocks whose custodians are
insufficiently responsive to abuse reports); I block all SSH requests
from table 2.

So I created a "table 3" for netblocks from which I now block 80/tcp and
443/tcp, and populated it with a list of the 45 unique /32s I found
from yesterday's log.

This appears to have reduced the impact on my Web server somewhat. :-}

(For those unfamiliar with the approach, IPFW tables in FreeBSD are
accessed in a way that is similar to the way routing tables are, so it's
more efficient to use them for large numbers of entries than it is to
use a simple list of separate packet-filtering rules.)

Peace,
david
--
David H. Wolfskill david at catwhisker.org
Proprietary data formats obfuscate, rather than disseminate, information.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.
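
Added example, not part of the original message or the poster's actual setup: one way to turn a day's "Invalid method in request" entries into entries for the table 3 described above. It assumes Apache 2.2-style error-log lines; the function names, the sample log lines and rule number 1300 are constructed for illustration.

```sh
#!/bin/sh
# Added example: derive "ipfw table 3" entries from Apache error-log lines.
# Assumed line format (Apache 2.2 style):
#   [date] [error] [client ADDR] Invalid method in request <request text>
TABLE=3   # table number from the post

# stdin: error log. stdout: unique offending IPv4 addresses, first-seen order.
# The pattern is anchored at line start so only the server-written [client]
# field is trusted; the request text after the message is client-controlled.
extract_offenders() {
    sed -n -E 's/^\[[^]]*\] \[error\] \[client ([0-9]{1,3}(\.[0-9]{1,3}){3})\] Invalid method in request.*$/\1/p' |
    awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255 && !seen[$0]++'
}

# Print (do not execute) one table-add command per address, for review.
emit_ipfw() {
    extract_offenders | while read -r ip; do
        printf 'ipfw table %s add %s/32\n' "$TABLE" "$ip"
    done
}

# Constructed sample input: a repeat offender, an unrelated error, a request
# that embeds a fake [client] field, and an out-of-range address.
sample_log() {
    cat <<'EOF'
[Wed Oct 17 03:12:44 2007] [error] [client 192.0.2.10] Invalid method in request junk
[Wed Oct 17 03:12:45 2007] [error] [client 192.0.2.10] Invalid method in request junk
[Wed Oct 17 04:01:02 2007] [error] [client 198.51.100.7] File does not exist: /nonexistent
[Wed Oct 17 05:30:00 2007] [error] [client 203.0.113.99] Invalid method in request [client 192.0.2.200] x
[Wed Oct 17 06:00:00 2007] [error] [client 999.1.1.1] Invalid method in request junk
EOF
}

# A rule of this shape then blocks Web traffic from the table
# (rule number 1300 is hypothetical):
#   ipfw add 1300 deny tcp from 'table(3)' to me dst-port 80,443
sample_log | emit_ipfw
```

Feed the real error log to emit_ipfw on stdin and read the printed commands before running them, since a mistaken entry blocks a legitimate client.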