I get these all the time. I think this is a worm probing for HTTPd versions. I forget which worm in particular, but I am sure of this. I don't think this was publicized though. I got the same two probes from the same two hosts. Actually, they probe my HTTPd servers quite often. [Mon Jul 23 09:22:45 2001] [error] [client 168.160.233.104] Invalid URI in request GET x HTTP/1.0 168.160.233.104 - - [23/Jul/2001:09:22:46 -0400] "GET x HTTP/1.0" 400 352 211.137.65.157 - - [15/Jul/2001:17:59:17 -0400] "GET x HTTP/1.0" 400 352 Greg Owen wrote: > > Two of these showed up in my web server logs today: > > 202.100.68.22 - - [23/Jul/2001:11:58:37 -0400] "GET x HTTP/1.0" 400 328 > 202.99.64.113 - - [23/Jul/2001:17:23:44 -0400] "GET x HTTP/1.0" 400 328 > > inetnum 202.100.68.0 - 202.100.68.255 > netname FEITIAN-INTERNET-COMPANY > descr Feitian Internet Company > descr Lanzhou,Gansu > descr China > country CN > > inetnum 202.99.64.0 - 202.99.127.255 > netname CHINANET-TJ > descr CHINANET Tianjin province network > descr Data Communication Division > descr China Telecom > country CN > > A quick google search showed one other person wondering what it was and > commenting they mostly seemed to be china, and a bunch of server logs that > showed the same hit. > > Anybody know what this is? The source makes me wonder. > > -- > gowen -- Greg Owen -- gowenat_private > 79A7 4063 96B6 9974 86CA 3BEF 521C 860F 5A93 D66D > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com -- The events which transpired five thousand years ago; Five years ago or five minutes ago, have determined what will happen five minutes from now; five years From now or five thousand years from now. All history is a current event. - Dr John Henrik Clake - ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 08:05:19 PDT