25 Oct
2002
25 Oct
'02
2:46 p.m.
I'm sure we've all seen our servers get scanned repeatedly for vulnerabilities in other systems. A quick check through the error logs show some obvious examples of this, including requests for: /_vti_bin /scripts /MSADC /MSOFFICE Etc, etc. Almost inevitably, these requests come in bursts, typically from the same IP. All of these calls are currently getting the customary 404, but I wonder if there's anything more intelligent or proactive to be done. I've thought about building myself a hosts-deny kind of solution using external methods, but I'm not sure that's necessarily going to save me very many cycles in the long run. Has anybody thought of a better way to handle this kind of stuff? TIA, Dylan