Re: [security-elvandar] "access_log?hello" ?

• Previous message: Christine Kronberg: ""access_log?hello" ?"
• In reply to: Christine Kronberg: ""access_log?hello" ?"
• Next in thread: Salvatore Poliandro: "Re: [security-elvandar] "access_log?hello" ?"
• Next in thread: Dave Paris: "Re: Port 0 packets"
• Reply: Salvatore Poliandro: "Re: [security-elvandar] "access_log?hello" ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I dont recognise this as a particular script that is running against 
your host.
Although it could be a custom made script that just sends a lot of 
characters (or a lot of hello's)
to your host, trying to overflow it.

My best guess is that it's the overflow option,
But i am interested now.. so when anyone else has a opinion...

Cheers

Kind regards,

Remko Lodder

Christine Kronberg wrote:

>  Hi,
>
>
>  Checking the logfiles of my private webserver this morning I
>  see the following entries.
>  It looks lile some playchild tried an buffer overflow but I
>  don't remember seeing anything connected to access_log files.
>  Google didn't help. Has anyone else this kind of requests?
>  Or an idea what the result of this request should be?
>
>12.221.111.178 - - [25/Jul/2003:12:40:29 +0200] "HEAD
>/logs/access_log?hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello
>HTTP/1.0" 404 -
>12.221.111.178 - - [25/Jul/2003:12:40:29 +0200] "HEAD
>/logs/active/access_log?hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello
>HTTP/1.0" 404 -
>12.221.111.178 - - [25/Jul/2003:12:40:30 +0200] "HEAD
>/access_log?hellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohellohello
>HTTP/1.0" 404 -
>
>  Cheers,
>
>
>                                             Chris Kronberg.
>
>
>
>---------------------------------------------------------------------------
>----------------------------------------------------------------------------
>
>  
>



---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Next message: Eric Appelboom: "RE: Exploit for Windows RPC may be in the wild!"
• Previous message: Christine Kronberg: ""access_log?hello" ?"
• In reply to: Christine Kronberg: ""access_log?hello" ?"
• Next in thread: Salvatore Poliandro: "Re: [security-elvandar] "access_log?hello" ?"
• Next in thread: Dave Paris: "Re: Port 0 packets"
• Reply: Salvatore Poliandro: "Re: [security-elvandar] "access_log?hello" ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jul 27 2003 - 12:39:42 PDT