Welcome! Log In Create A New Profile

Advanced

can't replicate/block portscanner

Previous Message Next Message
Forum List Message List New Topic Print View
Jonathan Vanasco
December 09, 2016 06:30PM
I got hit with a portscanner a few minutes ago, which caused an edge-case I can't repeat.

the access log looks like this:

94.102.48.193 - [09/Dec/2016:22:15:03 +0000][_] 500 "GET / HTTP/1.0" 10299 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" "-" cookies="-"

the server block was:

server {
listen 80 default_server;
server_name _;
...
}

but there is another ip block:

server { listen 80;
server_name ~^[0-9.]*$;
}


i can't figure out how to duplicate this request. the 500 was triggered, because the upstream application server didn't get find a "HTTP_HOST" environment variable set up, and i'd like to protect against this.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

can't replicate/block portscanner

Jonathan Vanasco December 09, 2016 06:30PM

Re: can't replicate/block portscanner

Robert Paprocki December 09, 2016 07:10PM

Re: can't replicate/block portscanner

Jonathan Vanasco December 09, 2016 07:48PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

dumbell
Guests: 178
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready