He is obviously using a "tool" to do this, seeing how rapid the requests are, and the fact that hes been doing it pretty consistently over the past 17 hours... do any of you know what program he is using? I would think the logs would be a pretty tell tale sign of what he was using...
Also, if these attacks go on any longer, im going to want to take some kind of action against him. What steps would be plausable in this situation?
March 5th, 2003, 12:46 AM
Not completely sure, but this looks pretty much the same as another set of logs which have been posted just recently in another thread. You can find more information in the following threads:
Contact the person's ISP and give them the IP and the time table of the events. They'll choose their own course of action.
March 5th, 2003, 01:30 AM
It's a pretty basic Nimca/code red automated thing..... See it all the time on my boxes.... If you are patched... which you appear to be by the 404 error codes in the log you have nothing to worry about......
Complaining to the ISP will become a full time job..... If it's not a pain for you go ahead and send the logs..... But it will become a problem if you host web sites....