08-30-2012, 02:11 PM
Hi guys,
For a few weeks now my server is notifying me with around a hundred per day denied queries of the form:
Originating IPs, here portrayed as 99.999.99.99, are always two - which makes me believe it is either a script kiddie or an owned machine.
On a given day, each query has a different
I do not know what are these queries for, what threat could they represent to me (if any), nor what countermeasures to take. I could block the originating IPs, but I do not want to do this until I know what to do afterwards - that is, until I understand what is going on.
My experience has always been in local networks, and I can't find anything good in Google. Can anyone give me clues, info, or point me in the right direction?
For a few weeks now my server is notifying me with around a hundred per day denied queries of the form:
Hidden Content
Originating IPs, here portrayed as 99.999.99.99, are always two - which makes me believe it is either a script kiddie or an owned machine.
On a given day, each query has a different
[To see links please register here]
address, so there are around 100 different addresses each day. Some addresses are repeated in different days. It is never the address of my server - although if you can help me, you probably already knew this.I do not know what are these queries for, what threat could they represent to me (if any), nor what countermeasures to take. I could block the originating IPs, but I do not want to do this until I know what to do afterwards - that is, until I understand what is going on.
My experience has always been in local networks, and I can't find anything good in Google. Can anyone give me clues, info, or point me in the right direction?