[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "suspicious" apache log entries

Sounds like Code Red. We get a lot of these too, and
the Microsoft attacks don't do much to an Apache server :)


This one time, Michael Renzmann wrote:
> Hi all.
> While digging through the error.log of my apache I found two lines that 
> seem to hint toward a new (?) worm. I saw the first one some days ago, too:
> [Sat Aug 31 21:03:49 2002] [error] [client] request failed: 
> erroneous characters after protocol string: CONNECT 
> mailb.microsoft.com:25 / HTTP/1.0
> Looks like there is someone trying to abuse a proxy to connect to a SMTP 
> server?
> The second is a new one (which means I never saw it before). It appears 
> several times in the log, below I quoted the first appearance:
> [Sat Sep  7 05:33:20 2002] [error] [client] Client sent 
> malformed Host header
> Any idea what type of attack these lines give a hint about? I think 
> Apache is safe here, this most probably would be an attack against IIS 
> or something like that. But I would like to learn a little more about 
> those ones...
> Bye, Mike
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact 
> listmaster@lists.debian.org

              .-"".__."``".   Anne Carasik, System Administrator
 .-.--. _...' (/)   (/)   ``'   gator at cacr dot caltech dot edu 
(O/ O) \-'      ` -="""=.    ',  Center for Advanced Computing Research    

Attachment: pgpEN6wyazMrt.pgp
Description: PGP signature

Reply to: