Security Basics mailing list archives

Re: strange httpd error log response

From: "Gautam R. Singh" <gautam.singh () gmail com>
Date: Fri, 11 Jun 2004 12:29:23 +0530

Thats an IIS Exploit, Apache should be immune to it 

Gautam R. Singh


On Thu, 10 Jun 2004 06:50:00 +0200 (CEST), Arturas Zalenekas
<asilas () h3c de> wrote:


Yeah, that is a Web-DAV Exploit, but that is newer as the old one like
SEARCH /AAAAAAAAAAAAAAAAAAAAAAAAAAAAA.....

--
King Regards,
Arturas Zalenekas
Security Analyst

I have recently overhauled my server, and am now using Fedora Core 2.
With it came the newest version of Logwatch, 5.1. I have used Logwatch
 with RH 9.X, and was very happy with it.
After running Logwatch a few times, I am getting the following message
 (report to root). I do not understand it and wonder if it is a bug,
setting error, or ? Please advise and/or explain.
--------------------------------------------------
 --------------------- httpd Begin ------------------------
A total of 4 unidentified 'other' records logged
  SEARCH  /
\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
2 \xb1\x0... (this repeats numerous times...)
---------------------------------------------------
Suggestions please. Thank you in advance!
Ralph
"Forget world peace...
Try using your turnsignal"
~~~~~~~~~~~~~~~~~~~~
Ralph Brown
rbrown () policing net



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



-- 
Gautam R. Singh
PGP Key: http://gautam.techwhack.com/key/


NOTE: The information contained in this message is confidential and
intended only for the use of the individual or entity identified. If
the reader of this message is not the intended recipient, any
dissemination, distribution or copying of the information in this
message is strictly prohibited. If you have received this message by
error, please notify the sender immediately.

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

strange httpd error log response Ralph Brown (Jun 09)
- Re: strange httpd error log response Ricardo Oliva (Jun 09)
- Re: strange httpd error log response krispykringle (Jun 10)
  - Re: strange httpd error log response Kenny Holden (Jun 10)
- Re: strange httpd error log response Alan McLean (Jun 10)
- Re: strange httpd error log response Arturas Zalenekas (Jun 10)
  - Re: strange httpd error log response Gautam R. Singh (Jun 13)
- Re: strange httpd error log response Bugtraq - GS (Jun 11)