作者 主題: http_ping  (閱讀 2694 次)

0 會員 與 1 訪客 正在閱讀本文。

Aeolus

  • 懷疑的國中生
  • **
  • 文章數: 36
  • 性別: 男
  • Aeolus
    • 檢視個人資料
http_ping
« 於: 2011-01-25 08:51 »
在 /var/log/apache2/access.log 中常看到這樣訊息...

網路上查得 http://panda.ks.edu.tw/http_ping.htm

是否在抓取網站所有資料?

如果是,是不是給封了好?

Thanks.
 
引用
211.79.61.8 - - [06/Jul/2010:03:13:15 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [02/Oct/2010:05:04:12 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [03/Oct/2010:04:51:19 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [04/Oct/2010:05:21:03 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [05/Oct/2010:05:23:31 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [06/Oct/2010:05:44:35 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [07/Oct/2010:05:33:51 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [08/Oct/2010:05:13:09 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [09/Oct/2010:05:50:36 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [10/Oct/2010:05:41:14 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [11/Oct/2010:05:36:53 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [12/Oct/2010:06:09:32 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [13/Oct/2010:06:29:19 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [14/Oct/2010:06:06:34 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [15/Oct/2010:06:05:52 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [16/Oct/2010:05:56:56 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [17/Oct/2010:05:27:12 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [11/Jan/2011:12:43:31 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [12/Jan/2011:13:00:14 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [13/Jan/2011:13:00:19 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [14/Jan/2011:12:32:47 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [15/Jan/2011:13:12:25 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [17/Jan/2011:10:39:51 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [18/Jan/2011:10:24:22 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [19/Jan/2011:09:29:51 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [20/Jan/2011:08:59:16 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [21/Jan/2011:07:52:49 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [22/Jan/2011:07:29:18 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [23/Jan/2011:06:22:47 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [24/Jan/2011:05:22:47 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"
211.79.61.8 - - [25/Jan/2011:05:06:37 +0800] "GET / HTTP/1.0" 302 3 "-" "http_ping"

211.79.61.8 -- IP information::
引用
address: No.7, R Road VI Hsinchu Science-Based Industrial Park(新竹科學工業園區)
address: Hsinchu, Taiwan , R.O.C
country: TW
« 上次編輯: 2011-01-25 08:54 由 Aeolus »

rainday

  • 鑽研的研究生
  • *****
  • 文章數: 738
  • 性別: 男
  • enhancing and optimizing
    • 檢視個人資料
回覆: http_ping
« 回覆 #1 於: 2011-01-25 13:00 »
tcpdump 看他有送出麼封包內容
<0  =_=  Don't learn to hack , hack to learn.

Aeolus

  • 懷疑的國中生
  • **
  • 文章數: 36
  • 性別: 男
  • Aeolus
    • 檢視個人資料
回覆: http_ping
« 回覆 #2 於: 2011-01-27 16:36 »

Aeolus

  • 懷疑的國中生
  • **
  • 文章數: 36
  • 性別: 男
  • Aeolus
    • 檢視個人資料
回覆: http_ping
« 回覆 #3 於: 2011-01-28 11:21 »
代碼: [選擇]
tcpdump -i ppp0 -AennqX  -w /var/log/tcpdump_211_79_61_8.log -c 1 'src host 211.79.61.8'
and

代碼: [選擇]
tcpdump -r /var/log/tcpdump_211_79_61_8.log
Got the data.

reading from file /var/log/tcpdump_211_79_61_8.log, link-type LINUX_SLL (Linux cooked)
引用
04:09:11.161015 IP proxy1.twaren.net.53153 > ipb.tw.www: S 10555165:10555165(0) win 5840 <mss 1460,sackOK,timestamp 3840313239 0,nop,wscale 7>

由上述資料及參考 http://linux.vbird.org/linux_server/0110network_basic.php#whatisnetwork_osi

(1)是否為 Layer 5會談層 (Session Layer), 這樣算惡意嗎?
(2)只設定記錄一筆,可否看出什端倪?
(2)設定沒指定port,是否即記錄全部 port?
Thanks.

twu2

  • 管理員
  • 俺是博士!
  • *****
  • 文章數: 5394
  • 性別: 男
    • 檢視個人資料
    • http://blog.teatime.com.tw/1
回覆: http_ping
« 回覆 #4 於: 2011-01-28 13:36 »
應該沒有人會用 http_ping 攻擊吧. 還都來自同一個 ip.

你確定這不是你們自己弄的嗎? 畢竟這東西通常都是用來檢查 httpd 是否還正常運作. 會檢查自家網站是否正常的, 通常也只有自己人吧.

alva

  • 活潑的大學生
  • ***
  • 文章數: 315
    • 檢視個人資料
回覆: http_ping
« 回覆 #5 於: 2011-01-31 11:32 »
事在人為, 如果很礙眼就給他封了(如果不影響)..

如果你的網站是公開, 基本上是給大家看, 那就放了他吧!... ;D