Security Incidents mailing list archives

Re: Strange entries in Apache access_log

From: Sven Koch <haegar () sdinet de>
Date: Sat, 1 Sep 2001 21:42:33 +0200 (CEST)

On Thu, 30 Aug 2001, Ryan Russell wrote:

63.251.5.46 - - [30/Aug/2001:09:20:04 +0200] "GET
http://www.yahoo.com/index.html HTTP/1.1" 200 2890


We get stuff like this every once in a while on our web servers.  I don't
know why.  I imagine it could happen if someone's DNS got confused or
modified... but I don't know what the point is.


This looks like the standard way to check if this box is an open proxy.

But the returncode 200 is strange - our apache-boxes return 404 when
trying this.

c'ya
sven

-- 

The Internet treats censorship as a routing problem, and routes around it.
(John Gilmore on http://www.cygnus.com/~gnu/)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Re: Strange entries in Apache access_log Ryan Russell (Sep 01)
- Re: Strange entries in Apache access_log Sven Koch (Sep 02)
- Re: Strange entries in Apache access_log Ben Ford (Sep 02)
- <Possible follow-ups>
- Re: Strange entries in Apache access_log Jose Nazario (Sep 01)
  - Re: Strange entries in Apache access_log //Stany (Sep 02)