Security Incidents mailing list archives
Re: Strange entries in Apache access_log
From: Sven Koch <haegar () sdinet de>
Date: Sat, 1 Sep 2001 21:42:33 +0200 (CEST)
On Thu, 30 Aug 2001, Ryan Russell wrote:
63.251.5.46 - - [30/Aug/2001:09:20:04 +0200] "GET http://www.yahoo.com/index.html HTTP/1.1" 200 2890We get stuff like this every once in a while on our web servers. I don't know why. I imagine it could happen if someone's DNS got confused or modified... but I don't know what the point is.
This looks like the standard way to check if this box is an open proxy. But the returncode 200 is strange - our apache-boxes return 404 when trying this. c'ya sven -- The Internet treats censorship as a routing problem, and routes around it. (John Gilmore on http://www.cygnus.com/~gnu/) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Strange entries in Apache access_log Ryan Russell (Sep 01)
- Re: Strange entries in Apache access_log Sven Koch (Sep 02)
- Re: Strange entries in Apache access_log Ben Ford (Sep 02)
- <Possible follow-ups>
- Re: Strange entries in Apache access_log Jose Nazario (Sep 01)
- Re: Strange entries in Apache access_log //Stany (Sep 02)