Security Basics mailing list archives
strange logs
From: jpc <jeempc () sbcglobal net>
Date: Thu, 08 Jul 2004 19:18:03 -0400
Has anyone seen this error (see below) in the apache log? It appears someone is trying to mess with my server. Notice how the ip changes from 69.209.152.51 to 69.192.139.207--this may be two different people I guess. The first ip is using the same provider as I am. My IP was 69.209.152.xxx at the time. This has been happening since the 4th. Any ideas? I googled the error message and couldn't find much.

Here is some info on the IPs:

nmap 69.209.152.51

Starting nmap 3.45 ( http://www.insecure.org/nmap/ ) at 2004-07-08 15:54 EDT
Interesting ports on adsl-69-209-152-51.dsl.sfldmi.ameritech.net (69.209.152.51):
(The 1650 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
113/tcp open auth
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
559/tcp open teedtap
1025/tcp filtered NFS-or-IIS
5000/tcp open UPnP

nmap 69.192.139.207

Starting nmap 3.45 ( http://www.insecure.org/nmap/ ) at 2004-07-08 16:04 EDT
Interesting ports on CPE001095ca02cb-CM0010954a02cb.cpe.net.cable.rogers.com (69.192.139.207):
(The 1642 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
80/tcp open http
113/tcp open auth
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
641/tcp open unknown
665/tcp open unknown
1025/tcp open NFS-or-IIS
1080/tcp filtered socks
1214/tcp open fasttrack
1434/tcp filtered ms-sql-m
3531/tcp open peerenabler
5000/tcp open UPnP

I went to the site 69.192.139.207 with my browser and a blank page appeared. There seems to be a web server running on it. So I tried this...

telnet 69.192.139.207 80
Trying 69.192.139.207...
Connected to 69.192.139.207.
Escape character is '^]'.
GET index.htm
HTTP/1.0 501 Not Implemented
X-Kazaa-Username: Babie_Gurl
X-Kazaa-Network: KaZaA
X-Kazaa-IP: 69.192.139.207:2692
X-Kazaa-SupernodeIP: 69.70.73.172:2215

Who the hell is Babie_Gurl??? :)

root@www:/var/log/apache# tail -f error_log | grep -v 'x90'
[Thu Jul 8 15:19:36 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:22:44 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:30:55 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:33:39 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:37:05 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:41:01 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:41:26 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:43:17 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:47:41 2004] [error] [client 69.192.139.207] request failed: URI too long
[Thu Jul 8 15:49:56 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:53:34 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:54:02 2004] [error] [client 69.209.152.51] request failed: URI too long

root@www:/var/log/apache# tail -f error_log | grep -v 'x90'
[Thu Jul 8 15:30:55 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:33:39 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:37:05 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:41:01 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:41:26 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:43:17 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:47:41 2004] [error] [client 69.192.139.207] request failed: URI too long
[Thu Jul 8 15:49:56 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:53:34 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:54:02 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:58:41 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:58:53 2004] [error] [client 69.209.152.51] request failed: URI too long
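Added example (not part of the original post): a small Python triage of an error_log like the one pasted above, counting "URI too long" failures per client and dropping the repeats that come from pasting two overlapping tail runs. The function name summarize_uri_too_long and the sample text are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: lines copied from the post, one of them repeated (as in the
# overlapping tail runs), plus one constructed unrelated error line.
SAMPLE_LOG = """\
[Thu Jul 8 15:19:36 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:22:44 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:30:55 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:47:41 2004] [error] [client 69.192.139.207] request failed: URI too long
[Thu Jul 8 15:30:55 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:49:56 2004] [error] [client 69.209.152.51] request failed: URI too long
[Thu Jul 8 15:50:01 2004] [error] [client 192.0.2.10] File does not exist: /constructed/example
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] "
    r"request failed: URI too long\s*$"
)

def summarize_uri_too_long(log_text):
    """Return {client_ip: {count, first, last, min_gap_s}} for matching lines."""
    # A set per client drops lines pasted twice. Caveat: two real requests
    # from one client within the same second also collapse into one entry.
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other error types and malformed lines are ignored
        try:
            ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # timestamp is not in the error_log form shown above
        seen[m.group("ip")].add(ts)
    report = {}
    for ip, stamps in seen.items():
        ordered = sorted(stamps)
        gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
        report[ip] = {"count": len(ordered), "first": ordered[0],
                      "last": ordered[-1],
                      "min_gap_s": min(gaps) if gaps else None}
    return report

if __name__ == "__main__":
    for ip, info in sorted(summarize_uri_too_long(SAMPLE_LOG).items()):
        print(ip, info["count"], info["first"], info["last"], info["min_gap_s"])
```
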
Current thread:
- strange logs jpc (Jul 09)
- Re: strange logs Dave Dearinger (Jul 12)
- Re: strange logs flurdoing (Jul 12)
- Re: strange logs David Williams (Jul 13)