Hi folks, Has anyone seen a request like this before ? It's either a l33t0 trick or some seriously broken code; since I've never seen this sequence before I was curious of anyone else has. This hit an sshd listening on port 80 btw, source IP obviously changed ;-) Cheers. Feb 8 06:41:55 wulfgar sshd[7582]: Connection from 1.2.3.4 port 1787 Feb 8 06:41:55 wulfgar sshd[7582]: Bad protocol version identification 'http://%a:%p/,HEAD /' from 1.2.3.4 Feb 8 06:45:36 wulfgar sshd[7583]: Connection from 1.2.3.4 port 2281 Feb 8 06:45:36 wulfgar sshd[7584]: Connection from 1.2.3.4 port 2282 Feb 8 06:45:51 wulfgar sshd[7584]: Bad protocol version identification '' from 1.2.3.4 Feb 8 06:55:41 wulfgar sshd[7583]: fatal: Timeout before authentication for 1.2.3.4 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Feb 12 2002 - 09:58:01 PST