From owner-freebsd-security  Sat Jul 21 14:12:31 2001
Delivered-To: freebsd-security@freebsd.org
Received: from salvation.unixgeeks.com (cc784475-b.scrmnt1.ca.home.com [65.5.73.160])
	by hub.freebsd.org (Postfix) with SMTP id 6FD2437B403
	for <freebsd-security@freebsd.org>; Sat, 21 Jul 2001 14:12:29 -0700 (PDT)
	(envelope-from nathan@salvation.unixgeeks.com)
Received: (qmail 12011 invoked by uid 1001); 21 Jul 2001 20:49:42 -0000
Date: 21 Jul 2001 20:49:42 -0000
Message-ID: <20010721204942.12010.qmail@salvation.unixgeeks.com>
From: nathan@salvation.unixgeeks.com
To: freebsd-security@freebsd.org
Subject: possible?
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


 okay, today i checked my apache logs this is what i got:

195.10.116.2 - - [19/Jul/2001:15:50:20 -0700] "GET /default.ida?NNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u
6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u53
1b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 400 332

this same exact get request came from several different address as well. such
as: 128.138.105.172, 202.157.154.126, and a couple of others. any ideas? any
remote exploits in apache i've missed? i'm running Apache/1.3.19 Server..

thanks in advance,
nathan.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message