From owner-freebsd-security  Sat Jul 21 14:31:16 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143])
	by hub.freebsd.org (Postfix) with ESMTP id 6501137B401
	for <freebsd-security@FreeBSD.ORG>; Sat, 21 Jul 2001 14:31:10 -0700 (PDT)
	(envelope-from smithi@nimnet.asn.au)
Received: from localhost (smithi@localhost)
	by gaia.nimnet.asn.au (8.8.8/8.8.8R1.2) with SMTP id HAA02111;
	Sun, 22 Jul 2001 07:30:59 +1000 (EST)
	(envelope-from smithi@nimnet.asn.au)
Date: Sun, 22 Jul 2001 07:30:59 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: nathan@salvation.unixgeeks.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: possible?
In-Reply-To: <20010721204942.12010.qmail@salvation.unixgeeks.com>
Message-ID: <Pine.BSF.3.96.1010722072306.28730C-100000@gaia.nimnet.asn.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On 21 Jul 2001 nathan@salvation.unixgeeks.com wrote:

 >  okay, today i checked my apache logs this is what i got:
 > 
 > 195.10.116.2 - - [19/Jul/2001:15:50:20 -0700] "GET /default.ida?NNNNNNNNNNNNNNNN
 > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
 > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
 > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u
 > 6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u53
 > 1b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 400 332
 > 
 > this same exact get request came from several different address as well. such
 > as: 128.138.105.172, 202.157.154.126, and a couple of others. any ideas? any
 > remote exploits in apache i've missed? i'm running Apache/1.3.19 Server..

Unless you happen to be running Microsoft IIS as your webserver, it's
just an ugly blob in the log .. we got a whole pile of them here too,
from all over the planet.  Don't bother chasing the IPs, they're more
likely  victims than villains.

Ian


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message