What HTTP exploit?

• Previous message (by thread): What HTTP exploit?
• Next message (by thread): What HTTP exploit?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It seems to be another stupid Microsoft Exploit that just causes annoyance
for Unix Boxes. The ones on my boxes seem to be about 32K in size and have
been occurring for the past 2 months or more. The only side effect is they
fill my dmesg logs with signal 11's from apache crashing.

pid 74210 (httpd), uid 80: exited on signal 11
pid 19971 (httpd), uid 80: exited on signal 11
pid 19969 (httpd), uid 80: exited on signal 11
pid 19970 (httpd), uid 80: exited on signal 11

Etc.

-- Matthew

----- Original Message ----- 
From: "John Palmer (NANOG Acct)" <nanog at adns.net>
To: <nanog at merit.edu>
Sent: Sunday, May 30, 2004 4:43 PM
Subject: What HTTP exploit?


>
>
> Can anyone identify this http exploit? Seen in the apache logs:
>
> foo.bar.com
>  - - [30/May/2004:02:45:28 -0400] "SEARCH
/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
>
x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\
xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1> etc - and it goes on for about 1200
bytes.
>
> Been getting an annoying number of these in my httpd logs today - it
botches up my log analyser program.
>
>

• Previous message (by thread): What HTTP exploit?
• Next message (by thread): What HTTP exploit?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]