Security Incidents mailing list archives
Re: Which webserver exploit is this?
From: Michael Cook <michael () INK ORG>
Date: Sun, 23 Jul 2000 15:42:11 -0500
On Sat, 22 Jul 2000, Matthew Breitenstine wrote:

> his.ip.net - - [16/Jul/2000:20:21:10 -0500] "http://%a:%p/,HEAD /" 501 -

I have a similar entry appearing several days ago. It accompanied a very noisy port scan (did a full connect scan to a wide range of ports on every IP). I figured it was a misconfigured script being executed by some k1ddi3z, with the %a and %p being substitute variables, like address and port. I'm curious if anyone else knows what it is.

--
Michael Cook (michael () ink org) http://www2.ink.org/~michael/
Ignorance is bliss; log to /dev/null.
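A log-review check for the kind of entry quoted in this message, as an added example that is not part of the original post: it parses Common Log Format lines and flags requests whose first token is not an HTTP method, that carry unexpanded %-letter placeholders such as %a and %p, or that drew a 501. The function names, the reason labels, and every sample line except the one quoted above are constructed for illustration.

```python
import re

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')
# A '%' followed by a letter that is not the start of a %XX URL escape,
# e.g. the %a and %p seen in the quoted entry.
PLACEHOLDER = re.compile(r'%(?![0-9A-Fa-f]{2})[A-Za-z]')
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}

def classify(line):
    """Return (host, reasons) for a suspicious line, or None if it looks normal."""
    m = CLF.match(line)
    if not m:
        return None
    host, _ts, request, status, _size = m.groups()
    reasons = []
    method = request.split(" ", 1)[0] if request else ""
    if method not in METHODS:
        reasons.append("unknown-method")
    if PLACEHOLDER.search(request):
        reasons.append("unexpanded-placeholder")
    if status == "501":
        reasons.append("501-not-implemented")
    return (host, reasons) if reasons else None

def scan(lines):
    """Map each flagged host to the sorted set of reasons seen for it."""
    hits = {}
    for line in lines:
        result = classify(line.strip())
        if result:
            hits.setdefault(result[0], set()).update(result[1])
    return {host: sorted(reasons) for host, reasons in hits.items()}

# The entry quoted in the thread.
PAGE_LINE = 'his.ip.net - - [16/Jul/2000:20:21:10 -0500] "http://%a:%p/,HEAD /" 501 -'
# Constructed sample traffic around it (hosts, paths and sizes are made up).
SAMPLE_LOG = [
    'host-a.example - - [16/Jul/2000:20:21:08 -0500] "GET /index.html HTTP/1.0" 200 1043',
    PAGE_LINE,
    'host-b.example - - [16/Jul/2000:20:21:12 -0500] "GET /search?q=a%20b HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for host, reasons in scan(SAMPLE_LOG).items():
        print(host, ", ".join(reasons))
```

Hosts flagged this way can then be looked up in firewall or connection logs for the same time window, since the entry described above arrived alongside a full connect scan.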