Full Disclosure mailing list archives
Odd logs
From: "Michael Linke" <ml () intract org>
Date: Wed, 4 Jun 2003 21:02:51 +0200
-----Ursprüngliche Nachricht----- Von: full-disclosure-admin () lists netsys com [mailto:full-disclosure- admin () lists netsys com] Im Auftrag von Mark Gesendet: Mittwoch, 4. Juni 2003 18:31 An: Lan Guy Cc: Scott M. Algatt; full-disclosure () lists netsys com The exert from my log files which had the same (but cant say it caused me any concern) dhpp.csudh.edu - - [01/Jun/2003:21:27:08 +0100] "CONNECT 1.3.3.7:1337 HTTP/1.0" 405 303 "-" "-"
Since long time I see something like this in my apache log files. The connect command means that anyone tries to use you http server for http tunnelling. But so long the access.log shows any error code like 405, 404, 400 or 407, so it is running fine. But in case that there is Status Code of 200, so you have to check you configuration. Here is a short collection of some strange log file entries. 80.181.x.x - - [03/Jun/2003:19:15:17 +0200] "GET /mod_ssl:error:HTTP-request HTTP/1.0" 400 520 195.214.x.x - - [15/May/2003:07:08:25 +0200] "-" 408 - 212.141.x.x - - [17/May/2003:12:43:03 +0200] "OPTIONS * HTTP/1.0" 403 268 193.127.x.x - - [19/May/2003:02:14:27 +0200] "HEAD / HTTP/1.1" 400 0 200.203.x.x - - [21/May/2003:11:07:44 +0200] "CONNECT cratosthenes.zen.co.uk:25 HTTP/1.0" 403 277 212.66.x.x - - [25/May/2003:04:15:25 +0200] "SEARCH / HTTP/1.1" 403 269 216.25.x.x - - [01/Jun/2003:09:29:03 +0200] "PROPFIND / HTTP/1.0" 403 268 217.45.x.x - - [01/Jun/2003:23:04:15 +0200] "GET /NULL.printer" 404 - Regards, Michael intract - any business anywhere Michael Linke Netzwerkadministrator Heilbronnerstr. 50 D-73728 Esslingen Germany Phone : +49 384 16297 50 Fax : +49 711 35152 89 mobile : +49 178 51 52 959 e-mail : ml () intract org ICQ : 141033973 webside: http://www.intract.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Odd logs, (continued)
- Re: Odd logs Gerd Feiner (Jun 04)
- RE: Odd logs Dave Killion (Jun 04)
- RE: Odd logs Scott M. Algatt (Jun 04)
- RE: Odd logs Hans Brederode (Jun 04)
- Re: Odd logs Muhammad Faisal Rauf Danka (Jun 04)
- Re: Odd logs morning_wood (Jun 04)
- Re: Odd logs Jeffrey H. Johnson (Jun 04)
- Re: Re: Odd logs Scott M. Algatt (Jun 04)
- Re: Re: Odd logs Gary E. Miller (Jun 04)
- Re: Re: Odd logs morning_wood (Jun 04)
- Re: Re: Odd logs Scott M. Algatt (Jun 04)
- Odd logs Michael Linke (Jun 04)