Re: Unknown entry in Apache log
From: David (davidwnh_at_adelphia.net)
Date: 08/31/03
- In reply to: Peter Rehäußer: "Re: Unknown entry in Apache log"
Date: Sun, 31 Aug 2003 18:34:49 GMT
It looks like assembly code that is probably meant to try to exploit some
buffer overflow or other vulnerability known in specific versions of a
webserver on a specific OS platform. Might be from a canned script or
specifically targeted. Do you have any other log entries which might
indicate someone trying to fingerprint the machine or webserver? Or is this
seemingly random?
Your server returned a 400 error, so by itself this is not a problem. If you
find more evidence that this IP is fingerprinting or trying a variety of
exploits, you can always filter the IP address. In any case, keep the server
up to date and do some research on this type of exploit. There are some
precautions you can take in addition to OS and application patches to
further protect your system from these types of exploits.
>>
>> 200.154.128.74 - - [24/Aug/2003:18:50:39 -0400]
>> "\x92X\xf1\xef\xeb\xdf4\x86\b\t X" 400 -
>>
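The check suggested in the reply above (does the same source show other odd requests, or is this a one-off?), sketched as an added example that is not part of the original post. It assumes Common Log Format; the function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')
# Non-printable request bytes appear as \xhh escapes, as in the quoted entry
ESCAPED = re.compile(r'\\x[0-9a-fA-F]{2}')
# A well-formed request line looks like: METHOD target HTTP/x.y
WELL_FORMED = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')

# First line is the entry quoted in the post (joined onto one line);
# the rest are constructed, using documentation-range addresses.
SAMPLE_LOG = [
    r'200.154.128.74 - - [24/Aug/2003:18:50:39 -0400] "\x92X\xf1\xef\xeb\xdf4\x86\b\t X" 400 -',
    r'192.0.2.10 - - [24/Aug/2003:18:51:02 -0400] "GET /index.html HTTP/1.1" 200 1043',
    r'198.51.100.7 - - [24/Aug/2003:19:02:11 -0400] "\x16\x03\x01\x00\xa5" 400 -',
    r'198.51.100.7 - - [24/Aug/2003:19:02:14 -0400] "HEAD / HTTP/1.0" 200 -',
    r'198.51.100.7 - - [24/Aug/2003:19:02:15 -0400] "GET" 400 -',
]

def triage(lines):
    """Per client IP: request count, binary/malformed counts, status codes."""
    per_ip = defaultdict(lambda: {"total": 0, "binary": 0, "malformed": 0,
                                  "statuses": set()})
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue  # not CLF; ignore rather than guess
        ip, _when, request, status, _size = m.groups()
        rec = per_ip[ip]
        rec["total"] += 1
        rec["statuses"].add(int(status))
        if ESCAPED.search(request):
            rec["binary"] += 1
        elif not WELL_FORMED.match(request):
            rec["malformed"] += 1
    return dict(per_ip)

def repeat_sources(per_ip, threshold=2):
    """IPs with at least `threshold` binary or malformed requests."""
    return sorted(ip for ip, r in per_ip.items()
                  if r["binary"] + r["malformed"] >= threshold)

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for ip, rec in sorted(summary.items()):
        print(ip, rec)
    print("look closer at:", repeat_sources(summary))
```

With the sample data, the address from the post shows a single binary request answered with 400 and is not flagged, while the constructed 198.51.100.7 is flagged for repeated odd requests.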