これって所謂Dos攻撃？

何と云いますか、只管こんなログが残って居りました。

2024/12/11 09:44:20 (172.105.216.226)- "GET /menu.asp HTTP/1.1" 301 243 "-" "curl/7.54.0"
2024/12/11 09:44:20 (172.105.216.226)- "GET /start.jsa HTTP/1.1" 301 243 "-" "curl/7.54.0"
2024/12/11 09:44:21 (172.105.216.226)- "GET /admin.jsp HTTP/1.1" 301 243 "-" "curl/7.54.0"
2024/12/11 09:44:21 (172.105.216.226)- "GET /indice.jsa HTTP/1.1" 301 243 "-" "curl/7.54.0"
2024/12/11 09:44:21 (172.105.216.226)- "GET /indice.php HTTP/1.1" 301 243 "-" "curl/7.54.0"
2024/12/11 09:44:21 (172.105.216.226)- "GET /admin.jhtml HTTP/1.1" 301 243 "-" "curl/7.54.0"
2024/12/11 09:44:21 (172.105.216.226)- "GET /admin.html HTTP/1.1" 301 243 "-" "curl/7.54.0"
2024/12/11 09:44:21 (172.105.216.226)- "GET /menu.jhtml HTTP/1.1" 301 243 "-" "curl/7.54.0"
2024/12/11 09:44:22 (172.105.216.226)- "GET /admin.cgi HTTP/1.1" 301 243 "-" "curl/7.54.0"
2024/12/11 09:44:22 (172.105.216.226)- "GET /menu.jsp HTTP/1.1" 301 243 "-" "curl/7.54.0"
2024/12/11 09:44:22 (172.105.216.226)- "GET /index.shtml HTTP/1.1" 301 243 "-" "curl/7.54.0"

2024/12/11 09:44:20 (172.105.216.226)- "GET /menu.asp HTTP/1.1" 301 243 "-" "curl/7.54.0"

2024/12/11 09:44:20 (172.105.216.226)- "GET /start.jsa HTTP/1.1" 301 243 "-" "curl/7.54.0"

2024/12/11 09:44:21 (172.105.216.226)- "GET /admin.jsp HTTP/1.1" 301 243 "-" "curl/7.54.0"

2024/12/11 09:44:21 (172.105.216.226)- "GET /indice.jsa HTTP/1.1" 301 243 "-" "curl/7.54.0"

2024/12/11 09:44:21 (172.105.216.226)- "GET /indice.php HTTP/1.1" 301 243 "-" "curl/7.54.0"

2024/12/11 09:44:21 (172.105.216.226)- "GET /admin.jhtml HTTP/1.1" 301 243 "-" "curl/7.54.0"

2024/12/11 09:44:21 (172.105.216.226)- "GET /admin.html HTTP/1.1" 301 243 "-" "curl/7.54.0"

2024/12/11 09:44:21 (172.105.216.226)- "GET /menu.jhtml HTTP/1.1" 301 243 "-" "curl/7.54.0"

2024/12/11 09:44:22 (172.105.216.226)- "GET /admin.cgi HTTP/1.1" 301 243 "-" "curl/7.54.0"

2024/12/11 09:44:22 (172.105.216.226)- "GET /menu.jsp HTTP/1.1" 301 243 "-" "curl/7.54.0"

2024/12/11 09:44:22 (172.105.216.226)- "GET /index.shtml HTTP/1.1" 301 243 "-" "curl/7.54.0"

172-105-216-226.ip.linodeusercontent.comはIPinfoで見ると東京のサーバーらしいです。
IP調査兵団で見ても渋谷と出ます。
Googleで調べるとアカマイ・テクノロジーズ合同会社のホスティングサービスのipらしい。（良く判らん）
Apacheのログは1週間でローテートしてますので、未だ5日間位で117件は此のタイプのアクセスが同一ホストから発せられて居ます。
嫌がらせでしょうか？

他にもec2-52-15-151-201.us-east-2.compute.amazonaws.comとかtor-exit-46.for-privacy.net、hostedby.privatelayer.comとか居ました。
AmazonはRange毎.htaccessで弾き、for-privacy.netとhostedby.privatelayer.comはRange毎ip fillterで全面拒否としました。
ドイツとオランダは中国・ロシアに次ぎこんなのが多いんですよねぇ。あ、最後のはスイスらしいです。
ですから、見つけ次第ip range毎、拒否リストへポイです。

後Palo Alto Networks company何て所からこんな感じ。

2024-12-09 22:39:58 (198.235.24.220)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across th
e global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be exclude
d from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
2024-12-09 22:40:01 (147.185.132.39)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across th
e global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be exclude
d from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
2024-12-09 22:40:01 (198.235.24.45)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across the
 global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded
 from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
2024-12-09 22:40:01 (147.185.132.96)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across th
e global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be exclude
d from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
2024-12-09 22:40:05 (147.185.132.102)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across t
he global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be exclud
ed from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
2024-12-09 22:40:09 (198.235.24.32)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across the
 global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded
 from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
2024-12-09 22:40:18 (198.235.24.43)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across the
 global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded
 from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
2024-12-09 22:41:41 (198.235.24.253)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across th
e global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be exclude
d from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
2024-12-09 22:42:01 (205.210.31.136)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across th
e global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be exclude
d from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
2024-12-09 22:43:15 (205.210.31.77)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across the
 global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded
 from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"

2024-12-09 22:39:58 (198.235.24.220)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across th

e global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be exclude

d from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"

2024-12-09 22:40:01 (147.185.132.39)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across th

e global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be exclude

d from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"

2024-12-09 22:40:01 (198.235.24.45)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across the

global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded

from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"

2024-12-09 22:40:01 (147.185.132.96)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across th

e global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be exclude

d from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"

2024-12-09 22:40:05 (147.185.132.102)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across t

he global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be exclud

ed from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"

2024-12-09 22:40:09 (198.235.24.32)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across the

global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded

from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"

2024-12-09 22:40:18 (198.235.24.43)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across the

global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded

from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"

2024-12-09 22:41:41 (198.235.24.253)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across th

e global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be exclude

d from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"

2024-12-09 22:42:01 (205.210.31.136)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across th

e global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be exclude

d from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"

2024-12-09 22:43:15 (205.210.31.77)- "GET /main/ HTTP/1.1" 403 - "-" "Expanse, a Palo Alto Networks company, searches across the

global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded

from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"

日本語のサイトに「パロアルトネットワークスは世界的なサイバーセキュリティにおけるリーダーです。」と書かれて居ますが、此れするのは意地悪ですよね。
一種のDos攻撃じゃ無いの？
何だか、火を付けたところに「消火しましょうか」と言い寄ってくる詐欺師の様に思えます。

ip.linodeusercontent.comは会社毎弾きましょうかねぇ。
国内だし、此の方だけにして置きますかねえ。
他にも使われている方が居そうですし。

これって所謂Dos攻撃？

関連

コメントを残すコメントをキャンセル

2024年12月
日	月	火	水	木	金	土
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31