From owner-freebsd-questions@FreeBSD.ORG  Thu Apr  6 21:39:03 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@FreeBSD.ORG
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D6AEA16A406
	for <freebsd-questions@FreeBSD.ORG>;
	Thu,  6 Apr 2006 21:39:03 +0000 (UTC)
	(envelope-from fbsd_user@a1poweruser.com)
Received: from mta10.adelphia.net (mta10.adelphia.net [68.168.78.202])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EBD5C43D5D
	for <freebsd-questions@FreeBSD.ORG>;
	Thu,  6 Apr 2006 21:38:59 +0000 (GMT)
	(envelope-from fbsd_user@a1poweruser.com)
Received: from barbish ([70.39.69.56]) by mta10.adelphia.net
	(InterMail vM.6.01.05.02 201-2131-123-102-20050715) with SMTP
	id <20060406213858.SADX23465.mta10.adelphia.net@barbish>
	for <freebsd-questions@FreeBSD.ORG>; Thu, 6 Apr 2006 17:38:58 -0400
From: "fbsd_user" <fbsd_user@a1poweruser.com>
To: "freebsd-questions@FreeBSD. ORG" <freebsd-questions@FreeBSD.ORG>
Date: Thu, 6 Apr 2006 17:39:00 -0400
Message-ID: <MIEPLLIBMLEEABPDBIEGAEECHEAA.fbsd_user@a1poweruser.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478
Importance: Normal
Cc: 
Subject: web server attack
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: fbsd_user@a1poweruser.com
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Apr 2006 21:39:04 -0000

Posted this at 11am and now its 5:30pm and still have not seen this
post return from the list mailer. So posting it again.

In my httpd-access.log I have started receiving a lot of these.
Looks like some kind of attack to me.

This first showed up in my log on April fools day 4/1/06 and
get 4 per hour since then.

The IP address changes every time I add it to firewall rules to
block.

Does anyone know what this is and what I can do to stop it
besides adding the ip address to my firewall block rules?


218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:25 -0400]
"\x04\x01" 200 0 "-" "-"
218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400]
"\x05\x01" 200 0 "-" "-"
218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400]
"CONNECT 4.79.181.15:25 HTTP/1.1" 200 7014 "-" "-"
218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:46 -0400]
"GET http://www.ebay.com/ HTTP/1.1" 200 7014 "-" "Mozilla/4.0
(compatible; MSIE 5.00; Windows 98)"