Re: SEARCH attack

To: Robert Cates <robert@kormar.de>
Cc: debian-isp@lists.debian.org
Subject: Re: SEARCH attack
From: mimo <mimo@restoel.net>
Date: Mon, 07 Jun 2004 13:36:33 +0100
Message-id: <[🔎] 40C46151.2090006@restoel.net>
In-reply-to: <[🔎] 003601c44c73$ced370d0$0d01a8c0@kormar.net>
References: <[🔎] 003601c44c73$ced370d0$0d01a8c0@kormar.net>

Hi

I have noticed the same here -- have a look at this

http://216.239.59.104/search?q=cache:RA7huHM9tEoJ:forums.macosxhints.com/showthread.php%3Ft%3D22371+%22SEARCH+/%5Cx90%5Cx02&hl=en

I liked the rewrite solution to throw it to ms... ;)

Michael

Robert Cates wrote:

Hi,

I hoping somebody can both fill me in on what this SEARCH is all about, and
what I can/should do to stop it:

Every so often I find a very long request in my Apache access logs that
seems to be an attempted SEARCH ("SEARCH /\x90\x02\xb1\x02\xb1\x02\ ...").

1).  Is this a security problem (on a Linux server)?

2).  If so, how can I stop this?  I tried to stop it using a <Limit SEARCH>,
but a configtest told me that "SEARCH" was an undefined or unknown method.
I placed the <Limit SEARCH> within the <Directory /> container as well as
out on it's own in the config file.

3).  Is this a Windows platform issue?

4).  If so, how can I stop these attempts from filling up my access logs.

All info is greatly appreciated!

Thanks,
Robert



--
Please note that this account is being filtered using anti UCE systems. If you send email to this account make sure that it could not be mistaken as UCE.

Reply to:

Follow-Ups:
- Re: SEARCH attack
  - From: "Robert Cates" <robert@kormar.de>

References:
- SEARCH attack
  - From: "Robert Cates" <robert@kormar.de>

Prev by Date: Re: [PHP] safe mode bug ?
Next by Date: Re: SEARCH attack
Previous by thread: SEARCH attack
Next by thread: Re: SEARCH attack
Index(es):
- Date
- Thread