Re: Try to hack ?

To: debian-isp@lists.debian.org
Subject: Re: Try to hack ?
From: "Marek Isalski" <marek@faelix.net>
Date: Thu, 01 Jul 2004 11:05:58 +0100
Message-id: <[🔎] courier.40E3E206.0000491C@faelix.net>
In-reply-to: <[🔎] 20040701095453.GS11064@freenet.de>
References: <[🔎] 20040701095453.GS11064@freenet.de>

Michelle Konzack writes:

sinc 2004-06-14 I have following entries in my BOA-Log:
buffer overrun - read.c, read_header - closing

Could be somebody trying to exploit a recently discovered Apache headervulnerability. For instance: http://www.guninski.com/httpd1.html

malformed request: "CONNECT 82.96.96.3:802 HTTP/1.0"

That's a common one I see too -- people trying to use a HTTP server as aproxy to surf other sites or use your web server to relay spam. Not havinga proxy or clamping down with ACLs are your protection. Presumably, BOAlogged it as a malformed request because it doesn't support "CONNECT" httpproxying.

Marek

Reply to:

References:
- Try to hack ?
  - From: Michelle Konzack <linux4michelle@freenet.de>

Prev by Date: Re: lvm with raid
Next by Date: Re: lvm with raid
Previous by thread: ..might be trying to crack, was: Try to hack ?
Next by thread: Re: Which Spam Block List to use for a network?
Index(es):
- Date
- Thread