[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

HTTP break in attempt? (Buffer overrun?)

To: silug-discuss@silug.org
Subject: HTTP break in attempt? (Buffer overrun?)
From: SILUG <silug@bruneworld.tzo.com>
Date: Mon, 6 Aug 2001 20:04:05 -0500
Organization: Southern Illinois Linux Users Group
Reply-To: silug-discuss@silug.org
Sender: owner-silug-discuss@silug.org

In my "access_log" file under /var/log/httpd, I find a LOT of lines
like this:

24.217.106.237 - - [06/Aug/2001:19:56:13 -0500] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 404 280 "-" "-"

Is this someone trying to do some funny "buffer overrun" stuff?  The IP address
is not always the same.

I'm wondering if this is the result of some stupid IIS server that's been infected by the "Code Red" virus.

There IS a matching entry in the "error_log" file for each try, so I don't think anything bad has happened.  Or do I need to change something?

Weird.

Charlie Brune
-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.

Follow-Ups:
- Re: HTTP break in attempt? (Buffer overrun?)
  - From: Steven Pritchard <steve@silug.org>
- Re: HTTP break in attempt? (Buffer overrun?)
  - From: "Jason Smith" <jvsmith@midamer.net>
- Re: HTTP break in attempt? (Buffer overrun?)
  - From: Sean /The RIMBoy/ <sean@rimboy.com>

Prev by Date: Redhat 7.1, KDE, and VNC
Next by Date: Re: HTTP break in attempt? (Buffer overrun?)
Prev by thread: Re: Dell stops offering Red Hat on desktops
Next by thread: Re: HTTP break in attempt? (Buffer overrun?)
Index(es):
- Date
- Thread