Security Incidents mailing list archives

Re: Strange entries in Apache access_log

From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Thu, 30 Aug 2001 13:58:11 -0400 (EDT)

On Thu, 30 Aug 2001, Bart Haezeleer wrote:

64.225.196.160 - - [24/Aug/2001:21:02:21 +0200] "GET /NULL.printer
HTTP/1.0" 404 280


http://www.eeye.com/html/Research/Advisories/AD20010501.html

Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM
Level Access)

63.251.5.46 - - [30/Aug/2001:09:20:04 +0200] "GET
http://www.yahoo.com/index.html HTTP/1.1" 200 2890


some sort of screwup? the 200 return code is interesting ...

Is this something to worry about?


not much. just a scanner.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Re: Strange entries in Apache access_log Ryan Russell (Sep 01)
- Re: Strange entries in Apache access_log Sven Koch (Sep 02)
- Re: Strange entries in Apache access_log Ben Ford (Sep 02)
- <Possible follow-ups>
- Re: Strange entries in Apache access_log Jose Nazario (Sep 01)
  - Re: Strange entries in Apache access_log //Stany (Sep 02)