Posted to users@httpd.apache.org by "Jack L. Stone" <ja...@sage-one.net> on 2004/03/24 15:24:45 UTC
[users@httpd] New Intrusions
Dear List:
Has anyone seen the type of request below and if so, what is it trying to do
-- and how do you stop it (besides blocking the IP)?
The sample below is only about 1-5% of one single request. The error return
of course is 414 -- URL too long.
Thanks for any help!
220.163.175.92 - - [23/Mar/2004:23:34:57 -0600] "SEARCH
/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
Best regards,
Jack L. Stone,
Administrator
SageOne Net
http://www.sage-one.net
jackstone@sage-one.net
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] New Intrusions
Posted by "Eimantas \"EnC\" Vaičiūnas" <ei...@lietuvoje.lt>.
Hi
Jack L. Stone wrote:
>Dear List:
>
>The sample below is only about 1-5% of one single request. The error return
>of course is 414 -- URL too long.
>
>
No wonder :)
>Thanks for any help!
>
>220.163.175.92 - - [23/Mar/2004:23:34:57 -0600] "SEARCH
>/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
>1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
>2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
>1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
>2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
>1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
>
>
Seems to me like shellcode. Though could the attacker be THAT stupid? I
get some 'too-long-URIs' when using phpMyAdmin, but at least I can read
some of the URL there.
>Best regards,
>Jack L. Stone,
>Administrator
>
>SageOne Net
>http://www.sage-one.net
>jackstone@sage-one.net
>
>
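For triaging entries like the one quoted in this thread, the following is an added example, not part of the original posts: it parses Apache common-format access log lines and separates a binary, `\xHH`-escaped URI sent with an unexpected method from a merely long but readable URL that also returns 414. The `EXPECTED_METHODS` set, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re

# Apache common log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')
ESCAPE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')
# Assumption: the methods this site actually serves; adjust for your server.
EXPECTED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}

def analyze(line, min_escapes=20, min_ratio=0.5):
    """Return a dict describing the request, or None if the line does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    host, _when, request, status, _size = m.groups()
    method, _, rest = request.partition(" ")
    # Apache logs non-printable request bytes as \xHH; each escape is one raw byte.
    escapes = len(ESCAPE_RE.findall(rest))
    raw_len = len(ESCAPE_RE.sub("?", rest))
    ratio = escapes / raw_len if raw_len else 0.0
    reasons = []
    if method not in EXPECTED_METHODS:
        reasons.append("unexpected method " + method)
    if escapes >= min_escapes and ratio >= min_ratio:
        reasons.append("binary URI (%d escaped bytes, %.0f%%)" % (escapes, ratio * 100))
    if status == "414":
        reasons.append("414 URI too long")
    return {"host": host, "method": method, "status": status,
            "escapes": escapes, "reasons": reasons}

def suspicious(lines):
    """Yield parsed records that have at least one reason attached."""
    for line in lines:
        rec = analyze(line)
        if rec and rec["reasons"]:
            yield rec

# Constructed sample lines (not from a real log); the byte pattern mirrors the post.
SAMPLE = [
    '192.0.2.10 - - [23/Mar/2004:23:34:57 -0600] "SEARCH /\\x90' + '\\x02\\xb1' * 40 + '" 414 339',
    '192.0.2.11 - - [23/Mar/2004:23:35:02 -0600] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.12 - - [23/Mar/2004:23:36:10 -0600] "GET /phpMyAdmin/index.php?' + 'a=1&' * 2500 + ' HTTP/1.0" 414 339',
]

if __name__ == "__main__":
    for rec in suspicious(SAMPLE):
        print(rec["host"], rec["status"], "; ".join(rec["reasons"]))
```

The first sample line is flagged for all three reasons, while the long phpMyAdmin-style URL is flagged for the 414 alone, which is the distinction the reply draws.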