Security Incidents mailing list archives

Re: Which webserver exploit is this?

From: Fredrik Ostergren <fredrik.ostergren () FREEBOX COM>
Date: Wed, 26 Jul 2000 12:34:59 -0000

I got the same thing the other day.

his.ip.net - - [16/Jul/2000:20:21:10 -0500] "http://%a:%
p/,HEAD /" 501 -


But mine had a different error code (501) Anyone have a 
suggestion?

-Matthew

On Sat, 22 Jul 2000, Jaap wrote:

<FONT COLOR="#222255">> Hi,</FONT>
<FONT COLOR="#222255">></FONT>
<FONT COLOR="#222255">> I'm running a some Linux/apache 
webservers, and all of them have this</FONT>
<FONT COLOR="#222255">> somewhere in the logs. Now I don't 
mind ppl. trying things,</FONT>
<FONT COLOR="#222255">> but I would like to know what their 
trying.</FONT>
<FONT COLOR="#222255">></FONT>
<FONT COLOR="#222255">> Any ideas?</FONT>
<FONT COLOR="#222255">></FONT>
<FONT COLOR="#222255">> his.ip.net - - 
[21/May/2000:20:02:14 +0200] "http://%a:%p/,HEAD /" 403 -
</FONT>
<FONT COLOR="#222255">></FONT>
<FONT COLOR="#222255">> Grtz,</FONT>
<FONT COLOR="#222255">></FONT>
<FONT COLOR="#222255">> Jaap</FONT>
<FONT COLOR="#222255">></FONT>

Hi!
I'm not really "into" Windows/NT security but are you sure 
someone is trying to exploit the webserver?. Maybe there's 
a weird browser in the game or a portscan/OS detection 
tool?.

Cheers!

/ Fredrik.

Current thread:

Which webserver exploit is this? Jaap (Jul 22)
- <Possible follow-ups>
- Re: Which webserver exploit is this? The Incubus (Jul 24)
- Re: Which webserver exploit is this? Michael Cook (Jul 24)
  - Re: Which webserver exploit is this? Richard Bartlett (Jul 24)
- Re: Which webserver exploit is this? bruj0 Gandalf (Jul 25)
- Which webserver exploit is this? CLEARY Tom <Con> (Jul 25)
- Re: Which webserver exploit is this? Fredrik Ostergren (Jul 26)