Security Incidents mailing list archives
Re: foreign HTTP requests
From: Vladimir Ivaschenko <hazard () FRANCOUDI COM>
Date: Wed, 26 Jul 2000 18:44:04 +0300
It seems that I have tracked this problem down - after I disabled keep-alive (IIS 5.0 on Windows 2000), I haven't got any wrong requests for several days now.

Vladimir Ivaschenko wrote:
> Nicolas GREGOIRE wrote:
> > Here are the kinds of Host requested :
> > 4 are trying to hit a host hosted on this web server (all "GET / HTTP/1.0"),
> > 6 are trying to hit a host NOT hosted on this web server (all requesting non-existing documents on this server).
> >
> > Here are the kinds of User-Agent :
> > 6 User-Agent like "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)",
> > 1 User-Agent like "Mozilla/3.0 (compatible)",
> > 1 User-Agent like "Mozilla (X11; I; Linux 2.0.32 i586)", => Yes, Linux !
> > 1 User-Agent like "Mozilla/4.72 [en] (Win98; U)",
> > 1 User-Agent like "WebTrends Link Analyzer".
>
> In my case, out of 8 requests:
>
> Mozilla/4.6 [en] (Win98; I) - 2
> Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt) - 3
> Mozilla/4.0 (compatible; MSIE 5.01; Windows 98) - 1
> Mozilla/3.Mozilla/2.01 (Win95; I) - 1 << ???
> Microsoft Internet Explorer/4.40.426 (Windows 95) - 1 << ???
>
> What's more strange is that sometimes I get requests coming through ISPs' proxies (running SQUID usually), with a Host: field pointing to a totally different server. Except for some kind of a DNS bug, I don't have any way to explain this so far. Sample request below.
>
> SERVER_NAME:www.some_other_host.com
> QUERY_STRING: 404;http://www.some_other_host.com/some_url/
> Accept: application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, image/gif, mage/x-xbitmap, image/jpeg, image/pjpeg, */*
> Accept-Language: en-us
> Host: www.some_other_host.com
> User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)
> Cookie: WDPERMID=04E0YG81E; WWTHREADID=4E0YVWW1
> Proxy-Connection: Keep-Alive
> Accept-Encoding: gzip, deflate
> REMOTE_ADDR: proxy_ip
> REMOTE_HOST: proxy_ip
> REMOTE_PORT: 3051
> HTTP_PROXY_CONNECTION: Keep-Alive
> HTTP_REFERER (forDirectCall):
> REQUEST_METHOD (forDirectCall): GET
>
> --
> Best Regards
> Vladimir Ivaschenko
> Francoudi & Stephanou Ltd
--
Best Regards
Vladimir Ivaschenko
Francoudi & Stephanou Ltd
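
Added example, not part of the original message: one way to triage the kind of traffic described in this thread is to classify logged requests by whether the Host header names a site the server actually serves, and whether the request arrived with Proxy-Connection: Keep-Alive. The served host names, the record layout (modelled on the header dump quoted above) and the sample records are assumptions constructed for illustration.

```python
from collections import Counter

# Assumption: the virtual hosts this server really serves (hypothetical names).
SERVED_HOSTS = {"www.example.test", "example.test"}

# Constructed sample records, using the field names from the dump in the message.
SAMPLE = [
    {"REMOTE_ADDR": "192.0.2.10", "Host": "www.example.test"},
    {"REMOTE_ADDR": "198.51.100.7", "Host": "www.some_other_host.com",
     "Proxy-Connection": "Keep-Alive"},
    {"REMOTE_ADDR": "198.51.100.7", "Host": "WWW.Some_Other_Host.com:80",
     "Proxy-Connection": "Keep-Alive"},
    {"REMOTE_ADDR": "203.0.113.5", "Host": "other.test"},
    {"REMOTE_ADDR": "192.0.2.11", "Host": "EXAMPLE.TEST:80"},
    {"REMOTE_ADDR": "192.0.2.12"},  # HTTP/1.0 client that sent no Host header
]

def normalize_host(value):
    """Lower-case a Host header value and drop any port and trailing dot."""
    host = (value or "").strip().lower()
    if host.startswith("["):              # bracketed IPv6 literal, e.g. [::1]:80
        return host.split("]")[0] + "]"
    return host.split(":")[0].rstrip(".")

def classify(record, served=SERVED_HOSTS):
    """Return local, missing-host, foreign or foreign-via-keepalive-proxy."""
    host = normalize_host(record.get("Host"))
    if not host:
        return "missing-host"
    if host in served:
        return "local"
    keepalive = record.get("Proxy-Connection", "").strip().lower() == "keep-alive"
    return "foreign-via-keepalive-proxy" if keepalive else "foreign"

def summarize(records, served=SERVED_HOSTS):
    """Count each class, and count foreign-Host requests per client address."""
    classes = Counter(classify(r, served) for r in records)
    sources = Counter(r["REMOTE_ADDR"] for r in records
                      if classify(r, served).startswith("foreign"))
    return classes, sources

if __name__ == "__main__":
    classes, sources = summarize(SAMPLE)
    print(dict(classes))
    print(sources.most_common())
```

A source address that accounts for most of the foreign-via-keepalive-proxy class is the first place to compare timestamps against the proxy operator's own logs.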