Sounds like Code Red. We get a lot of these too, and
the Microsoft attacks don't do much to an Apache server :)
-Anne
This one time, Michael Renzmann wrote:
> Hi all.
>
> While digging through the error.log of my apache I found two lines that
> seem to hint toward a new (?) worm. I saw the first one some days ago, too:
>
> [Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed:
> erroneous characters after protocol string: CONNECT
> mailb.microsoft.com:25 / HTTP/1.0
>
> Looks like there is someone trying to abuse a proxy to connect to a SMTP
> server?
>
>
> The second is a new one (which means I never saw it before). It appears
> several times in the log, below I quoted the first appearance:
>
> [Sat Sep 7 05:33:20 2002] [error] [client 202.224.228.106] Client sent
> malformed Host header
>
> Any idea what type of attack these lines give a hint about? I think
> Apache is safe here, this most probably would be an attack against IIS
> or something like that. But I would like to learn a little more about
> those ones...
>
> Bye, Mike
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
--
.-"".__."``". Anne Carasik, System Administrator
.-.--. _...' (/) (/) ``' gator at cacr dot caltech dot edu
(O/ O) \-' ` -="""=. ', Center for Advanced Computing Research
~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Attachment:
pgp10WnL4uus2.pgp
Description: PGP signature