What HTTP exploit?
Richard Welty
rwelty at averillpark.net
Sun May 30 23:57:54 UTC 2004
On Sun, 30 May 2004 15:43:58 -0500 "John Palmer (NANOG Acct)" <nanog at adns.net> wrote:
> Can anyone identify this http exploit? Seen in the apache logs:
> foo.bar.com
> - - [30/May/2004:02:45:28 -0400] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
> x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
> 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\
> xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1
> etc - and it goes on for about 1200 bytes.
> Been getting an annoying number of these in my httpd logs today - it botches up my log analyser program.
i just installed the following in my apache configs to get rid of it:
# control logging
SetEnvIf Request_URI "^/default.ida?" dontlog
SetEnvIf Request_Method "SEARCH" dontlog
and then later on...
CustomLog /var/log/httpd/access_log combined env=!dontlog
between the two of them, they were consuming an absurd amount
of space in my /var/log partitions.
richard
--
Richard Welty rwelty at averillpark.net
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
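
An added example, not part of the original message: a Python pre-filter that applies the same two conditions as the SetEnvIf rules above to an existing access log, but tallies the matching requests per source instead of discarding them, so the log analyser gets clean input while the probe volume stays visible. It goes one step beyond the post by also flagging any URI with many `\x`-escaped bytes; that `max_escaped` threshold, the function names, and the sample lines and addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# host ident user [time] "METHOD URI ..." (start of a common/combined format line)
LINE_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S*)')
ESCAPED_BYTE = re.compile(r'\\x[0-9a-fA-F]{2}')  # how Apache logs non-printable bytes

def probe_reason(method, uri, max_escaped=32):
    """Return why a request counts as probe noise, or None for normal traffic."""
    if method == "SEARCH":                      # same test as the Request_Method rule
        return "SEARCH"
    if uri.startswith("/default.ida"):          # same test as the Request_URI rule
        return "default.ida"
    if len(ESCAPED_BYTE.findall(uri)) > max_escaped:   # assumed threshold, not from the post
        return "escaped-bytes"
    return None

def split_log(lines):
    """Return (lines to pass to the analyser, Counter keyed by (host, reason))."""
    kept, probes = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        reason = probe_reason(m["method"], m["uri"]) if m else None
        if reason:
            probes[(m["host"], reason)] += 1
        else:
            kept.append(line)                   # unparseable lines are kept, never dropped
    return kept, probes

# Constructed sample input (documentation addresses, made-up status codes and sizes).
PAYLOAD = r"/\x90" + r"\x02\xb1" * 40
SAMPLE = [
    '192.0.2.10 - - [30/May/2004:02:45:28 -0400] "SEARCH ' + PAYLOAD + ' HTTP/1.1" 414 339',
    '192.0.2.10 - - [30/May/2004:02:51:02 -0400] "SEARCH ' + PAYLOAD + ' HTTP/1.1" 414 339',
    '198.51.100.7 - - [30/May/2004:03:10:44 -0400] "GET /default.ida?' + "N" * 24 + ' HTTP/1.0" 404 290',
    '203.0.113.5 - - [30/May/2004:03:12:09 -0400] "GET /index.html HTTP/1.1" 200 5120',
    'truncated line without the usual fields',
]

if __name__ == "__main__":
    kept, probes = split_log(SAMPLE)
    print("\n".join(kept))
    for (host, reason), count in sorted(probes.items()):
        print(f"# suppressed {count} {reason} request(s) from {host}")
```
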