Just Give Me the Beans!
Have you experienced this attack to apache2?
It is in my apache2 log for every second. I have blocked the IP using iptables:Code:192.168.10.46 - - [21/May/2008:08:05:33 +0800] "HEAD / HTTP/1.0" 200 - "-" "WhatsUp/1.0"
Code:iptables -A INPUT -s 192.168.10.46 -j DROP iptables -A OUTPUT -d 192.168.10.46 -j DROP
but it can still access my apache server.
any suggestions for resolving this?
thanks in advance.
Banned
Erm... That is a non-routable IP so I think you're missing something. Furthermore, if you blocked it with IPtables, it wouldn't be able to hit apache anymore.
The whatsup tool is from http://www.ipswitch.com/
I highly doubt this is an intentional denial of service.
Without knowing more about your network topology, I wouldn't want to venture any more guesses.
Good luck
Just Give Me the Beans!
So you mean it's not a DOS attack? Then why it is accessing my apache server?
Chocolate-Covered Ubuntu Beans
From doing a quick google search on that user agent, tt appears that is generated by an Ipswitch product called WhatsUp, which is used for network monitoring. Someone on your lan using the product?
http://www.whatsupgold.com/
Just Give Me the Beans!
-
Last edited by cjtjamandra; May 21st, 2008 at 01:31 AM. Reason: wrong
Just Give Me the Beans!
We have several switches so i think someone is using that product. so is there any explanation why this program or software is accessing my web server (apache2) ?
Chocolate-Covered Ubuntu Beans
Sounds like a question for the people on your network who are using the application.
Cat lover
If you can pinpoint it to a particular machine, you might want to start asking questions. But be nice - there might be an innocent explanation.Originally Posted by cjtjamandra
Forum DOs and DON'Ts
Please use CODE tags
Including your email address in a post is not recommended
My Blog
Cat lover
BTW I'm aware of at least two meanings for the acronym "DOS" (Disk Operaging System and Denial Of Service) but the team here is probably aware of that. I remember being vaguely baffled at first by talk of "COM" files for Windows (again, more than one meaning, COMmand and COMponent)
p.s Please go easy on me - perhaps the literal-minded autistic side to my makeup is making a nuisance of itself
Forum DOs and DON'Ts
Please use CODE tags
Including your email address in a post is not recommended
My Blog
Just Give Me the Beans!
thanks for the clarifications.. now iam more aware about this WhatsUp thing.
what i have done is block that ip using iptables...
But iam still confused, can WhatsUp be used as a Denial of Service attack?
Posting Permissions
Adv Reply
Bookmarks