nanog mailing list archives
Re: What HTTP exploit?
From: "Matthew McGehrin" <mcgehrin () reverse net>
Date: Sun, 30 May 2004 17:05:11 -0400
It seems to be another stupid Microsoft Exploit that just causes annoyance for Unix Boxes. The ones on my boxes seem to be about 32K in size and have been occurring for the past 2 months or more. The only side effect is they fill my dmesg logs with signal 11's from apache crashing. pid 74210 (httpd), uid 80: exited on signal 11 pid 19971 (httpd), uid 80: exited on signal 11 pid 19969 (httpd), uid 80: exited on signal 11 pid 19970 (httpd), uid 80: exited on signal 11 Etc. -- Matthew ----- Original Message ----- From: "John Palmer (NANOG Acct)" <nanog () adns net> To: <nanog () merit edu> Sent: Sunday, May 30, 2004 4:43 PM Subject: What HTTP exploit?
Can anyone identify this http exploit? Seen in the apache logs: foo.bar.com - - [30/May/2004:02:45:28 -0400] "SEARCH
/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\ xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1> etc - and it goes on for about 1200 bytes.
Been getting an annoying number of these in my httpd logs today - it
botches up my log analyser program.
Current thread:
- What HTTP exploit? John Palmer (NANOG Acct) (May 30)
- RE: What HTTP exploit? Todd Mitchell - lists (May 30)
- Re: What HTTP exploit? Matthew McGehrin (May 30)
- Re: What HTTP exploit? Richard Welty (May 30)
- Re: What HTTP exploit? Suresh Ramasubramanian (May 30)
- <Possible follow-ups>
- Re: What HTTP exploit? Mike Nice (May 31)
- Re: What HTTP exploit? Vinny Abello (May 31)
- Re: What HTTP exploit? Laurence F. Sheldon, Jr. (May 31)
- Re: What HTTP exploit? Paul G (May 31)
- Re: What HTTP exploit? Bob Martin (May 31)
- Re: What HTTP exploit? Jason Dixon (May 31)
- Re: What HTTP exploit? Vinny Abello (May 31)