Security Incidents mailing list archives

Re: HTTP attack looking for /sumthin ?


From: H C <keydet89 () yahoo com>
Date: Thu, 17 Oct 2002 13:15:55 -0700 (PDT)

What makes you think it's an attack?


--- jmaywood1975 () hushmail com wrote:

Does anyone have any ideas what attack this might
be?

Below shows 4 separate potential attacks by 3
different hosts, this is all the activity in my logs
for those three hosts, nothing more anywhere related
to those three IP addresses.

It starts with a request for the directory /sumthin
maybe tries a header exploit by sending a VERSION
method?
and connects ssl.

My googling and mailing list searches don't turn
anything up about what this might be.

Anyone else see these hits for the /sumthin
directory or know what they might be?

Sorry for the long lines of log and wrap.

Cheers,

-----------------------------------------------
[philbo:/var/log/httpd] root# grep 205.221.242.1 *
access_combined_log:205.221.242.1 - -
[16/Oct/2002:16:14:23 -0400] "GET /sumthin HTTP/1.0"
404 201 "-" "-"

access_log:205.221.242.1 - - [16/Oct/2002:16:14:23
-0400] "GET /sumthin HTTP/1.0" 404 201

error_log:[Wed Oct 16 16:14:23 2002] [error] [client
205.221.242.1] File does not exist:
/home/webserver/Documents/sumthin

ssl_engine_log:[16/Oct/2002 16:14:23 26577] [info] 
Connection to child 4 established (server
philbo.stonecruz.com:443, client 205.221.242.1)

-------------------------------------------------
[philbo:/var/log/httpd] root# grep 62.233.149.2 *
access_combined_log:62.233.149.2 - -
[10/Oct/2002:14:30:55 -0400] "GET /sumthin HTTP/1.0"
404 201 "-" "-"

access_log:62.233.149.2 - - [10/Oct/2002:14:30:55
-0400] "GET /sumthin HTTP/1.0" 404 201

error_log:[Thu Oct 10 14:30:55 2002] [error] [client
62.233.149.2] File does not exist:
/home/webserver/Documents/sumthin

ssl_engine_log:[10/Oct/2002 14:30:54 26572] [info] 
Connection to child 0 established (server
philbo.stonecruz.com:443, client 62.233.149.2)

---------------------------------------------------
[philbo:/var/log/httpd] root# grep 205.150.215.204 *
access_combined_log:205.150.215.204 - -
[10/Oct/2002:05:21:17 -0400] "GET /sumthin HTTP/1.0"
404 201 "-" "-"

access_log:205.150.215.204 - - [01/Oct/2002:12:00:39
-0400] "VERSION" 501 -

access_log:205.150.215.204 - - [10/Oct/2002:05:21:17
-0400] "GET /sumthin HTTP/1.0" 404 201

error_log:[Tue Oct  1 12:00:39 2002] [error] [client
205.150.215.204] Invalid method in request VERSION

error_log:[Thu Oct 10 05:21:17 2002] [error] [client
205.150.215.204] File does not exist:
/home/webserver/Documents/sumthin

ssl_engine_log:[01/Oct/2002 12:00:38 15149] [info] 
Connection to child 3 established (server
philbo.stonecruz.com:443, client 205.150.215.204)

ssl_engine_log:[10/Oct/2002 05:21:17 26575] [info] 
Connection to child 2 established (server
philbo.stonecruz.com:443, client 205.150.215.204)







----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS
analyzer service.
For more information on this free incident handling,
management 
and tracking system please see:
http://aris.securityfocus.com




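One way to triage entries like the ones quoted in the message above, as an added example that is not part of the original thread: group access-log entries per client, tolerate a request line that is a bare token such as "VERSION", and report whether any request was actually served. The function names and the KNOWN_METHODS set are assumptions made for this example.

```python
import re
from collections import defaultdict
# HTTP/1.1 request methods; treating anything else as unknown is this example's assumption.
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}
# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')
# access_log entries from the post, unwrapped, with grep's "access_log:" prefix removed.
SAMPLE = """\
205.221.242.1 - - [16/Oct/2002:16:14:23 -0400] "GET /sumthin HTTP/1.0" 404 201
62.233.149.2 - - [10/Oct/2002:14:30:55 -0400] "GET /sumthin HTTP/1.0" 404 201
205.150.215.204 - - [01/Oct/2002:12:00:39 -0400] "VERSION" 501 -
205.150.215.204 - - [10/Oct/2002:05:21:17 -0400] "GET /sumthin HTTP/1.0" 404 201
"""

def parse(line):
    """Return (host, method, path, status), or None if the line is not CLF."""
    m = CLF.match(line)
    if not m:
        return None
    parts = m.group(2).split()  # request line may be empty or a bare token
    method = parts[0] if parts else ""
    path = parts[1] if len(parts) > 1 else None
    return m.group(1), method, path, int(m.group(3))

def triage(lines):
    """Per client: request count, paths, unknown methods, requests served (<400)."""
    report = defaultdict(lambda: {"requests": 0, "paths": set(), "bad_methods": set(), "served": 0})
    for rec in filter(None, map(parse, lines)):
        host, method, path, status = rec
        entry = report[host]
        entry["requests"] += 1
        if path:
            entry["paths"].add(path)
        if method not in KNOWN_METHODS:
            entry["bad_methods"].add(method)
        entry["served"] += status < 400
    return dict(report)

def shared_paths(report, min_hosts=2):
    """Paths requested by at least min_hosts distinct clients."""
    seen = defaultdict(set)
    for host, entry in report.items():
        for path in entry["paths"]:
            seen[path].add(host)
    return {p: sorted(h) for p, h in seen.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    result = triage(SAMPLE.splitlines())
    print(result)
    print("shared:", shared_paths(result))
```

On these entries every client has `served` equal to 0, and `/sumthin` is the only path shared across clients.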

