Security Incidents mailing list archives
Re: foreign HTTP requests
From: hazard () FRANCOUDI COM (Vladimir Ivaschenko)
Date: Fri, 23 Jun 2000 09:45:43 +0300
Nicolas GREGOIRE wrote:
Here are the kinds of Host requested : 4 are trying to hit a host hosted on this web server (all "GET / HTTP/1.0"), 6 are trying to hit a host NOT hosted on this web server (all requesting non-existing documents on this server). Here are the kinds of User-Agent : 6 User-Agent like "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)", 1 User-Agent like "Mozilla/3.0 (compatible)", 1 User-Agent like "Mozilla (X11; I; Linux 2.0.32 i586)", => Yes, Linux ! 1 User-Agent like "Mozilla/4.72 [en] (Win98; U)", 1 User-Agent like "WebTrends Link Analyzer".
In my case, out of 8 requests: Mozilla/4.6 [en] (Win98; I) - 2 Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt) - 3 Mozilla/4.0 (compatible; MSIE 5.01; Windows 98) - 1 Mozilla/3.Mozilla/2.01 (Win95; I) - 1 << ??? Microsoft Internet Explorer/4.40.426 (Windows 95) - 1 << ??? What's more strange is that sometimes I get requests coming through ISPs proxies (running SQUID usually), with a Host: field pointing to a totally different server. Except for some kind of a DNS bug, I don't have any way to explain this so far. Sample request below. SERVER_NAME:www.some_other_host.com QUERY_STRING: 404;http://www.some_other_host.com/some_url/ Accept: application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, image/gif, mage/x-xbitmap, image/jpeg, image/pjpeg, */* Accept-Language: en-us Host: www.some_other_host.com User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt) Cookie: WDPERMID=04E0YG81E; WWTHREADID=4E0YVWW1 Proxy-Connection: Keep-Alive Accept-Encoding: gzip, deflate REMOTE_ADDR: proxy_ip REMOTE_HOST: proxy_ip REMOTE_PORT: 3051 HTTP_PROXY_CONNECTION: Keep-Alive HTTP_REFERER (forDirectCall): REQUEST_METHOD (forDirectCall): GET -- Best Regards Vladimir Ivaschenko Francoudi & Stephanou Ltd
Current thread:
- Re: foreign HTTP requests Daniel Dočekal (Jun 15)
- Re: foreign HTTP requests Nicolas GREGOIRE (Jun 16)
- <Possible follow-ups>
- Re: foreign HTTP requests Daniel Docekal (Jun 16)
- Re: foreign HTTP requests Nicolas GREGOIRE (Jun 20)
- Re: foreign HTTP requests Sevo Stille (Jun 20)
- Re: foreign HTTP requests Daniel Dočekal (Jun 20)
- Re: foreign HTTP requests Bjorn Djupvik (Jun 20)
- Re: foreign HTTP requests Nicolas GREGOIRE (Jun 22)
- Re: foreign HTTP requests Vladimir Ivaschenko (Jun 22)
- Re: foreign HTTP requests Bjorn Djupvik (Jun 23)
- 8.2.2-P5 stops answering queries? Daniel Ramirez (Jun 22)
- Re: 8.2.2-P5 stops answering queries? Kovacs Andrei (Jun 23)
- Re: 8.2.2-P5 stops answering queries? jose (Jun 23)
- Re: foreign HTTP requests Nicolas GREGOIRE (Jun 22)