Re: GET x HTTP/1.0

From: Phil Sorber (philat_private)
Date: Mon Jul 23 2001 - 21:40:10 PDT

Next message: jlewisat_private: "Re: GET x HTTP/1.0"

Previous message: Ronald Tse: "Re: CRv2 - Questions"
In reply to: Greg Owen: "GET x HTTP/1.0"
Next in thread: jlewisat_private: "Re: GET x HTTP/1.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

i got these two:

207.86.139.153 - - [03/Jul/2001:22:47:34 -0400] "GET x HTTP/1.0" 400 379
"-" "-"
mail.ces.k12.ct.us - - [17/Jul/2001:15:13:09 -0400] "GET x HTTP/1.0" 400
379 "-" "-"

but what bothers me more is this:

209.239.229.210 - - [19/Jul/2001:18:05:05 -0400] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 400 375 "-" "-"

i've gotten 21 of them, mostly from ip's without reverse DNS. this is in
the past three days or so.

On Mon, 23 Jul 2001, Greg Owen wrote:

>
>     Two of these showed up in my web server logs today:
>
> 202.100.68.22 - - [23/Jul/2001:11:58:37 -0400] "GET x HTTP/1.0" 400 328
> 202.99.64.113 - - [23/Jul/2001:17:23:44 -0400] "GET x HTTP/1.0" 400 328
>
> inetnum              202.100.68.0 - 202.100.68.255
> netname              FEITIAN-INTERNET-COMPANY
> descr                Feitian Internet Company
> descr                Lanzhou,Gansu
> descr                China
> country              CN
>
> inetnum              202.99.64.0 - 202.99.127.255
> netname              CHINANET-TJ
> descr                CHINANET Tianjin province network
> descr                Data Communication Division
> descr                China Telecom
> country              CN
>
>     A quick google search showed one other person wondering what it was and
> commenting they mostly seemed to be china, and a bunch of server logs that
> showed the same hit.
>
>     Anybody know what this is?  The source makes me wonder.
>
> --
>         gowen -- Greg Owen -- gowenat_private
>         79A7 4063 96B6 9974 86CA  3BEF 521C 860F 5A93 D66D
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: jlewisat_private: "Re: GET x HTTP/1.0"
Previous message: Ronald Tse: "Re: CRv2 - Questions"
In reply to: Greg Owen: "GET x HTTP/1.0"
Next in thread: jlewisat_private: "Re: GET x HTTP/1.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 08:00:34 PDT