hello list,

I found this in the access_log of my webserver:

140.127.181.170 - - [09/Jan/2002:18:49:00 +0100] "GET /default.ida?NNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN N NNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801% u909 0%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8 b00% u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 323

Can any of you please explain what happened? Is it something to worry about?

regards
Hi
Isn't that the 'Red Code' http call? I have got many
logs like this, but Apache always responds with a 404
(obviously, this kind of attack is a buffer overflow
-see the amount of 'N's to default.ida script- and I
think it is planned for MS IIS, not Apache, then, there
should be nothing to worry about, only delete the hundreds
of logs like this!).
logs stopped putting a zero length default.ida file on
the http root.
opinions?
regards
Leo
--- "G. Lautenbach"
hello list,
I found this in the access_log of my webserver:
140.127.181.170 - - [09/Jan/2002:18:49:00 +0100] "GET /default.ida?NNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
N NNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%
u909
0%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8
b00% u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 323
Can any of you please explain what happened? Is it something to worry about?
regards
On Thursday 10 January 2002 06:37 am, Leonel Rivas wrote:
Hi Isn't that the 'Red Code' http call? I have got many
logs stopped putting a zero length default.ida file on the http root. opinions?
That would be fine if the log space was all that was the problem. You could also firewall it off. But you still suffer the bandwidth utilization. You could just put a virus infected file out there. (Here is where 15 people weigh in and say what a bad idea that is, and you should never take any action in self defense. Frankly that viewpoint has fallen into disrespect since Sept 11th.)
--
John Andersen / Juneau Alaska
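As an added example (not code from any poster in this thread), this Python script picks requests shaped like the one quoted above out of an Apache access log and totals hits, status codes and response bytes per source address, which puts numbers on the log-space and bandwidth points raised here. The sample lines, the documentation addresses, the `%u4141` placeholder words and the match thresholds are all assumptions made for the example.

```python
import re

# Apache common log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)
# Shape of the request quoted in this thread: GET /default.ida? followed by a
# long run of one filler letter and then several %uXXXX-encoded words.
# The thresholds (64 filler characters, 4 words) are assumptions.
PROBE_RE = re.compile(
    r'^GET /default\.ida\?(?P<fill>[A-Za-z])(?P=fill){63,}(?:%u[0-9a-f]{4}){4,}',
    re.IGNORECASE,
)

def summarize_probes(lines):
    """Return {source: {"hits": n, "bytes": n, "statuses": {code: n}}}."""
    summary = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not PROBE_RE.match(m.group("request")):
            continue  # unparseable line or ordinary request
        entry = summary.setdefault(
            m.group("host"), {"hits": 0, "bytes": 0, "statuses": {}})
        entry["hits"] += 1
        if m.group("bytes") != "-":  # "-" means no body was sent
            entry["bytes"] += int(m.group("bytes"))
        code = m.group("status")
        entry["statuses"][code] = entry["statuses"].get(code, 0) + 1
    return summary

# Constructed sample input: documentation addresses and placeholder words.
PAD, TAIL = "N" * 224, "%u4141" * 8
PROBE = f'"GET /default.ida?{PAD}{TAIL}=a HTTP/1.0"'
SAMPLE_LOG = [
    f'192.0.2.10 - - [09/Jan/2002:18:49:00 +0100] {PROBE} 400 323',
    f'192.0.2.10 - - [09/Jan/2002:19:02:11 +0100] {PROBE} 404 289',
    f'198.51.100.7 - - [10/Jan/2002:03:15:42 +0100] {PROBE} 404 289',
    '203.0.113.5 - - [10/Jan/2002:03:16:00 +0100] "GET /index.html HTTP/1.0" 200 1043',
    '203.0.113.5 - - [10/Jan/2002:03:16:05 +0100] "GET /default.ida?page=2 HTTP/1.0" 404 289',
]

if __name__ == "__main__":
    for source, entry in sorted(summarize_probes(SAMPLE_LOG).items()):
        print(source, entry["hits"], "hits,", entry["bytes"], "bytes,", entry["statuses"])
```

Per-source totals like these are what a firewall rule or a report to the source network's abuse contact would be based on.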
participants (3)
- G. Lautenbach
- John Andersen
- Leonel Rivas