Security Basics mailing list archives
Re: strange httpd error log response
From: krispykringle () gentoo org
Date: Wed, 9 Jun 2004 17:30:49 -0400
This is clearly an attempt at exploiting a buffer overflow. I see quite a lot, and many are unidentified (though many are obvious year-old exploits for IIS). I have two suggestions: if it's a known vulnerability you know you are patched for, ignore it. Keep your server up to date, as always. If you don't recognize it, Google it and see if you find anything. If not, you can always try that request string yourself and see what happens. If your server doesn't crash or do anything else funny, you're good (bear in mind that if the string has malicious shell code embedded in it, it's best not to send that code while sending the buffer overflow, but by sending an overflow minus the code, you should still be able to tell if your server crashes, etc ;).

Anyone, correct me if I'm wrong :)

On Wed, Jun 09, 2004 at 05:28:59AM -0700, Ralph Brown wrote:
I have recently overhauled my server, and am now using Fedora Core 2. With it came the newest version of Logwatch, 5.1. I have used Logwatch with RH 9.X, and was very happy with it.

After running Logwatch a few times, I am getting the following message (report to root). I do not understand it and wonder if it is a bug, setting error, or ? Please advise and/or explain.

--------------------------------------------------
--------------------- httpd Begin ------------------------

A total of 4 unidentified 'other' records logged
SEARCH / \x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
\xb1\x0... (this repeats numerous times...)

---------------------------------------------------

Suggestions please.

Thank you in advance!

Ralph

"Forget world peace... Try using your turnsignal"
~~~~~~~~~~~~~~~~~~~~
Ralph Brown
rbrown () policing net
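A triage sketch for log entries like the one quoted above, added here as an example and not part of any message in the thread. It takes request strings as Apache logs them (non-printable bytes written as \xNN escapes) and reports why a line looks like an overflow probe rather than ordinary traffic. The method allow-list, the thresholds and the sample lines are assumptions made for the example.

```python
import re
from collections import Counter

# Apache writes non-printable request bytes to its logs as \xNN escapes.
ESCAPED_BYTE = re.compile(r"\\x([0-9a-fA-F]{2})")
# Assumption: methods this site legitimately serves. SEARCH is a WebDAV method.
EXPECTED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}


def triage(request, min_escaped=16, max_distinct=4):
    """Return the reasons a logged request line looks like an overflow probe."""
    method, _, rest = request.strip().partition(" ")
    raw = bytes(int(h, 16) for h in ESCAPED_BYTE.findall(rest))
    reasons = []
    if method.upper() not in EXPECTED_METHODS:
        reasons.append(f"unexpected method {method}")
    # A handful of escapes is normal (e.g. UTF-8 in a path); a long run is not.
    if len(raw) >= min_escaped:
        reasons.append(f"{len(raw)} escaped non-printable bytes")
        # Padding used to fill a buffer repeats a very small set of byte values.
        if len(set(raw)) <= max_distinct:
            top = ", ".join(f"0x{b:02x}" for b, _ in Counter(raw).most_common())
            reasons.append(f"repetitive filler ({top})")
    return reasons


# Constructed sample lines: a shortened copy of the pattern in the quoted
# Logwatch report, a normal request, and a request with a UTF-8 path.
SAMPLE = [
    "SEARCH /" + "\\x90" + "\\x02\\xb1" * 40,
    "GET /index.html HTTP/1.1",
    "GET /caf\\xc3\\xa9.html HTTP/1.1",
]


def report(lines):
    """Map each suspicious line (truncated for display) to its reasons."""
    return {line[:40]: why for line in lines if (why := triage(line))}


if __name__ == "__main__":
    for line, why in report(SAMPLE).items():
        print(line, "->", "; ".join(why))
```
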