Hi there,
since last week we´ve got a little problem with our Webserverfarm. We get some strange Request from some Dial-Up Accounts from Europe (T-Online; Telefonica; Orange...): Sep 21 22:47:35 logger: [Sun Sep 21 22:47:35 2008] [error] [client 87.183.65.xx] Invalid URI in request GET 347905 HTTP/1.0 Sep 21 22:47:35 logger: [Sun Sep 21 22:47:35 2008] [error] [client 87.183.65.xx] Invalid URI in request GET 341922 HTTP/1.0 This strange Request (GET 347905 HTTP/1.0 ) pass our Firewall (because it´s normal HTTP), goes to our Load balancer and then to our Webserver. Only 1 Client make about 80-100 strange Request per Minute and we get a peak on our Webserverfarm and finally after 5 Minutes the Webserver(s) get out of memory: Out of Memory: Kill process 12082 (apache) score 199722 and children. Out of memory: Killed process 19435 (apache). If we get a "DDOS" we make a tcpdump and count the IPs (maximum 8 Dial Up Accounts) to block them on our Firewall. I don´t find any about this strange request on Google or some security boards. Is this a new kind of DDOS or just kiddy stuff? If someone have some more information about this strange Request/DDOS it would be very nice if he can send this to me. Kind Regards -- Andre Braun, IT Manager Turtle Entertainment GmbH
