Security Incidents mailing list archives
Re: GET x HTTP/1.0
From: Phil Sorber <phil () ecsel psu edu>
Date: Tue, 24 Jul 2001 00:40:10 -0400 (EDT)
i got these two: 207.86.139.153 - - [03/Jul/2001:22:47:34 -0400] "GET x HTTP/1.0" 400 379 "-" "-" mail.ces.k12.ct.us - - [17/Jul/2001:15:13:09 -0400] "GET x HTTP/1.0" 400 379 "-" "-" but what bothers me more is this: 209.239.229.210 - - [19/Jul/2001:18:05:05 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 375 "-" "-" i've gotten 21 of them, mostly from ip's without reverse DNS. this is in the past three days or so. On Mon, 23 Jul 2001, Greg Owen wrote:
Two of these showed up in my web server logs today: 202.100.68.22 - - [23/Jul/2001:11:58:37 -0400] "GET x HTTP/1.0" 400 328 202.99.64.113 - - [23/Jul/2001:17:23:44 -0400] "GET x HTTP/1.0" 400 328 inetnum 202.100.68.0 - 202.100.68.255 netname FEITIAN-INTERNET-COMPANY descr Feitian Internet Company descr Lanzhou,Gansu descr China country CN inetnum 202.99.64.0 - 202.99.127.255 netname CHINANET-TJ descr CHINANET Tianjin province network descr Data Communication Division descr China Telecom country CN A quick google search showed one other person wondering what it was and commenting they mostly seemed to be china, and a bunch of server logs that showed the same hit. Anybody know what this is? The source makes me wonder. -- gowen -- Greg Owen -- gowen () swynwyr com 79A7 4063 96B6 9974 86CA 3BEF 521C 860F 5A93 D66D ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- GET x HTTP/1.0 Greg Owen (Jul 23)
- Re: GET x HTTP/1.0 Phil Sorber (Jul 24)
- Re: GET x HTTP/1.0 jlewis (Jul 24)
- Re: GET x HTTP/1.0 John (Jul 24)
- Re: GET x HTTP/1.0 Seth Milder (Jul 24)
- Re: GET x HTTP/1.0 Ross Oldbury (Jul 24)
- Re: GET x HTTP/1.0 dr john halewood (Jul 24)
- Re: GET x HTTP/1.0 Patryk Chmielewski (Jul 24)
- <Possible follow-ups>
- RE: GET x HTTP/1.0 Portnoy, Gary (Jul 24)