RE: strange apache log entry

From: Kurc, Marcin A. (makurc@cooperstandard.com)
Date: 08/12/02 

From: "Kurc, Marcin A." <makurc@cooperstandard.com>
To: "'narga@gmx.net'" <narga@gmx.net>
Date: Mon, 12 Aug 2002 13:33:31 -0400

::1 = 127.0.0.1
ipv6 ipv4

nothing unusual, Apache is logging ipv6.

Marcin Kurc
CAD Systems Administrator
Cooper-Standard Automotive

-----Original Message-----
From: narga@gmx.net [mailto:narga@gmx.net]
Sent: Saturday, August 10, 2002 11:50 AM
To: incidents@securityfocus.com
Subject: strange apache log entry

Yesterday I saw this in my logs (apache 2.0.39 acces_log):
::1 - - [10/Aug/2002:00:25:56 +0200] "CONNECT :::2121 HTTP/1.1" 400 267
::1 - - [10/Aug/2002:00:33:31 +0200] "CONNECT :::2121 HTTP/1.1" 400 267

error_log:
[Sat Aug 10 00:25:56 2002] [error] [client ::1] request failed: error
reading the
headers
[Sat Aug 10 00:33:31 2002] [error] [client ::1] request failed: error
reading the
headers

It seems like someone wants to connect to my port 2121 through a proxy. The
strange
thing is, that there isn't any ip. My firewall (SuSEfirewall, an ipchains
based
firewall from suse), didn't log anything, snort didn't log anything too. I
wasn't
able to reproduce this by sending the request manually to port 80.

My question: is this a bug in apache, or what else happened? 

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Relevant Pages

  • strange apache log entry
    ... reading the ... It seems like someone wants to connect to my port 2121 through a proxy. ... is this a bug in apache, ...
    (Incidents)
  • Re: strange apache log entry
    ... > reading the ... > reproduce this by sending the request manually to port 80. ... is this a bug in apache, ...
    (Incidents)
  • Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1
    ... During some specific tests with our upcoming Web App Security Scanner tool, we have found that Apache would kindly accept HTML injection through "Expect" header. ... During a brief discussion with the gentle guys at security apache org, we had concluded that vulnerability cannot be trivially exploited and its exploitation focus would be client-side software. ... The software flaw, not being exploitable on common web browser scenario, can be used by malicious software distributors by appending malformed expect headers in outgoing HTTP requests. ...
    (Bugtraq)
  • Re: Internally generated spam - but from where?
    ... > apache using up 99% of my CPU. ... How can i track down what is causing ... > this single process to use up so much CPU? ... It's OT but you could start by reading apache's log files (assuming you ...
    (comp.mail.sendmail)
  • Re: Problem with compile_predicates/1 under SWI
    ... both IIS and Apache (under Windows) accepted my headers (that I ...
    (comp.lang.prolog)