Re: Strange entries in Apache access_log

From: Jose Nazario (joseat_private)
Date: Thu Aug 30 2001 - 10:58:11 PDT

Next message: Nick FitzGerald: "Re: new codered worm?"

Previous message: Ryan Russell: "Win32.Invalid.A@mm"
In reply to: Bart Haezeleer: "Strange entries in Apache access_log"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 30 Aug 2001, Bart Haezeleer wrote:

> 64.225.196.160 - - [24/Aug/2001:21:02:21 +0200] "GET /NULL.printer
> HTTP/1.0" 404 280

http://www.eeye.com/html/Research/Advisories/AD20010501.html

Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM
Level Access)


> 63.251.5.46 - - [30/Aug/2001:09:20:04 +0200] "GET
> http://www.yahoo.com/index.html HTTP/1.1" 200 2890

some sort of screwup? the 200 return code is interesting ...

> Is this something to worry about?

not much. just a scanner.

____________________________
jose nazario						     joseat_private
	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Nick FitzGerald: "Re: new codered worm?"
Previous message: Ryan Russell: "Win32.Invalid.A@mm"
In reply to: Bart Haezeleer: "Strange entries in Apache access_log"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Sep 01 2001 - 10:42:22 PDT