Somebody know the reason that Apache did nmap, grep & uname ? and what's wrong with the apache? There's nothings special in access_log with same IP. Please help! Copy from apache error_log [Wed Sep 24 21:05:56 2003] [info] [client 61.10.230.187] (104)Connection reset by peer: client stopped connection before send mmap completed [Wed Sep 24 21:08:31 2003] [error] [client 203.218.78.248] File does not exist: /home/free/hkmu/public_html/favicon.ico [Wed Sep 24 21:10:24 2003] [info] [client 203.83.101.121] send mmap timed out [Wed Sep 24 21:42:07 2003] [error] [client 203.198.18.167] File does not exist: /home/free/hkmu/public_html/favicon.ico [Wed Sep 24 21:54:09 2003] [error] [client 66.150.40.80] File does not exist: /home/free/hkmu/public_html/robots.txt [Wed Sep 24 22:01:05 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:13 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:15 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:27 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:33 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:36 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:40 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:43 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:49 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped conneuname: write error: Broken pipe grep: write error: Broken pipe uname: write error: Broken pipe grep: write error: Broken pipe grep: write error: Broken pipe grep: write error: Broken pipe [Wed Sep 24 22:36:13 2003] [error] [client 192.168.0.64] File does not exist: /home/web/hks grep: write error: Broken pipe uname: write error: Broken pipe grep: write error: Broken pipe [Wed Sep 24 23:06:54 2003] [error] [client 192.168.0.64] File does not exist: /home/web/web uname: write error: Broken pipe grep: write error: Broken pipe grep: write error: Broken pipe [Wed Sep 24 23:40:32 2003] [error] [client 192.168.0.64] File does not exist: /home/web/web grep: write error: Broken pipe grep: write error: Broken pipe grep: write error: Broken pipe [Thu Sep 25 00:03:08 2003] [error] [client 192.168.0.64] File does not exist: /home/web/web grep: write error: Broken pipe [Thu Sep 25 01:32:43 2003] [error] [client 192.168.0.64] File does not exist: /home/web/hks [Thu Sep 25 02:09:12 2003] [error] [client 202.130.22.251] File does not exist: /srv/www/htdocs/default.ida [Thu Sep 25 02:10:28 2003] [error] [client 192.168.0.64] File does not exist: /home/web/hks [Thu Sep 25 02:15:49 2003] [error] [client 192.168.0.64] File does not exist: /home/web/web grep: write error: Broken pipe ction before send mmap completed [Wed Sep 24 22:02:52 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:24:40 2003] [error] [client 66.196.65.40] File does not exist: /home/free/hkmu/public_html/robots.txt [Wed Sep 24 22:26:34 2003] [info] [client 203.83.101.80] (104)Connection reset by peer: client stopped connection before send mmap completed [Wed Sep 24 22:26:35 2003] [info] [client 203.83.101.80] (104)Connection reset by peer: client stopped connection before send mmap completed [Wed Sep 24 22:56:08 2003] [info] [client 202.64.243.187] (104)Connection reset by peer: client stopped connection before rwrite completed [Wed Sep 24 23:01:11 2003] [info] [client 202.64.243.187] (104)Connection reset by peer: client stopped connection before rwrite completed -- Marco Lum Net Service Manager ___________________________________________________________________________________________ System Development Service Inter/Intra/Local-Area Networking Service VOICE: +852 2851 1190 FAX : +852 2851 1109 Email: enquiry@hkservice.com WWWeb: http://www.hkservice.com HK Service Company HK Service Consultants Limited
actually, it's not N M A P (the scanning program), but M M A P (an Apache extension): http://linux.maruhn.com/sec/perl-apache-mmap.html ----- Original Message ----- From: "Marco Lum" <marco@hkservice.com> To: <suse-security@suse.com> Sent: Thursday, September 25, 2003 6:23 AM Subject: [suse-security] nmap from apache????
Somebody know the reason that Apache did nmap, grep & uname ? and what's wrong with the apache? There's nothings special in access_log with same IP.
Please help!
Copy from apache error_log [Wed Sep 24 21:05:56 2003] [info] [client 61.10.230.187] (104)Connection reset by peer: client stopped connection before send mmap completed [Wed Sep 24 21:08:31 2003] [error] [client 203.218.78.248] File does not exist: /home/free/hkmu/public_html/favicon.ico [Wed Sep 24 21:10:24 2003] [info] [client 203.83.101.121] send mmap timed out [Wed Sep 24 21:42:07 2003] [error] [client 203.198.18.167] File does not exist: /home/free/hkmu/public_html/favicon.ico [Wed Sep 24 21:54:09 2003] [error] [client 66.150.40.80] File does not exist: /home/free/hkmu/public_html/robots.txt [Wed Sep 24 22:01:05 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:13 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:15 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:27 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:33 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:36 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:40 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:43 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:01:49 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped conneuname: write error: Broken pipe grep: write error: Broken pipe uname: write error: Broken pipe grep: write error: Broken pipe grep: write error: Broken pipe grep: write error: Broken pipe [Wed Sep 24 22:36:13 2003] [error] [client 192.168.0.64] File does not exist: /home/web/hks grep: write error: Broken pipe uname: write error: Broken pipe grep: write error: Broken pipe [Wed Sep 24 23:06:54 2003] [error] [client 192.168.0.64] File does not exist: /home/web/web uname: write error: Broken pipe grep: write error: Broken pipe grep: write error: Broken pipe [Wed Sep 24 23:40:32 2003] [error] [client 192.168.0.64] File does not exist: /home/web/web grep: write error: Broken pipe grep: write error: Broken pipe grep: write error: Broken pipe [Thu Sep 25 00:03:08 2003] [error] [client 192.168.0.64] File does not exist: /home/web/web grep: write error: Broken pipe [Thu Sep 25 01:32:43 2003] [error] [client 192.168.0.64] File does not exist: /home/web/hks [Thu Sep 25 02:09:12 2003] [error] [client 202.130.22.251] File does not exist: /srv/www/htdocs/default.ida [Thu Sep 25 02:10:28 2003] [error] [client 192.168.0.64] File does not exist: /home/web/hks [Thu Sep 25 02:15:49 2003] [error] [client 192.168.0.64] File does not exist: /home/web/web grep: write error: Broken pipe ction before send mmap completed [Wed Sep 24 22:02:52 2003] [info] [client 66.150.40.60] (32)Broken pipe: client stopped connection before send mmap completed [Wed Sep 24 22:24:40 2003] [error] [client 66.196.65.40] File does not exist: /home/free/hkmu/public_html/robots.txt [Wed Sep 24 22:26:34 2003] [info] [client 203.83.101.80] (104)Connection reset by peer: client stopped connection before send mmap completed [Wed Sep 24 22:26:35 2003] [info] [client 203.83.101.80] (104)Connection reset by peer: client stopped connection before send mmap completed [Wed Sep 24 22:56:08 2003] [info] [client 202.64.243.187] (104)Connection reset by peer: client stopped connection before rwrite completed [Wed Sep 24 23:01:11 2003] [info] [client 202.64.243.187] (104)Connection reset by peer: client stopped connection before rwrite completed
-- Marco Lum Net Service Manager
____________________________________________________________________________ _______________
System Development Service Inter/Intra/Local-Area Networking Service
VOICE: +852 2851 1190 FAX : +852 2851 1109 Email: enquiry@hkservice.com WWWeb: http://www.hkservice.com
HK Service Company HK Service Consultants Limited
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Hi! Marco Lum schrieb:
Somebody know the reason that Apache did nmap, grep & uname ? and what's wrong with the apache? There's nothings special in access_log with same IP.
Please help!
Copy from apache error_log [Wed Sep 24 21:05:56 2003] [info] [client 61.10.230.187] (104)Connection reset by peer: client stopped connection before send mmap completed
Don't know whats actually running on your server, but it is mmap and not nmap.... mmap is from an Apache module: perl-Apache-Mmap-xxxxxx Apache Mmap provides a facility for using the mmap system call to have the OS map a file into a process' address space. Two interfaces are provided: - mmap and munmap methods which provide a persistant caching mechanisim similar to that provided by Apache::DBI for database handles. - A set of methods which implement the TIESCALAR interface allowing a scalar variable to be tied to a mapped region of memory. Reading or writing to the tied scalar accesses the mapped buffer. Bye, Uli
participants (3)
-
Marco Lum -
Radu Voicu -
Ulrich Klenk