Thanks for the reply.
They could be coming from zombie machines but SSH/telnet definitely not. As I stated in my original
email the new IP's used are declining most attacks are the same IP's over and over. Luckily the new
ones are easy to identify.
I generally know an attack is coming because there will be multiple hits from whois.sc and netcraft
then one or 2 of the IPs from the block list will show up in the server log. Within a hour I'll get
thousands of hits.
One attack lasted about 12 hours the same IP's over and over. The requests were all blocked and my
connection throttling prevented DOS but still the fact is they still came through the firewall and
the web server still had to deal with them which is what I'd like to prevent.
On Tue, 13 Sep 2005 09:36:55 -0500, Steve Yates wrote: