Hi
Isn't that the 'Red Code' http call? , i have got many
logs like this, but Apache always respond a 404
(obviously, this kind of attack is a buffer overflow
-see the amount of 'N's to default.ida script- and i
think is planned to MS IIS, not apache, then, there
should be nothing to worry, only delete the hundreds
of logs like this!.)
logs stopped putting a zero length default.ida file on
the http root.
opinions?
regards
Leo
--- "G. Lautenbach"
hello list,
i found this in my access_log off my webserver:
140.127.181.170 - - [09/Jan/2002:18:49:00 +0100] "GET /default.ida?NNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
N NNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%
u909
0%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8
b00% u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 323
can any off you please explain what happened. is it something to worry about?
regards
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
__________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/