-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 19 Nov 2003 17:07:54 -0800
Ken Moffat <[EMAIL PROTECTED]> wrote:
> Anyone have a clue.... ?
>
> What is this, from my apache/access.log?
>
> 217.210.77.107 - - [19/Nov/2003:02:07:29 -0800] "SEARCH
> /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
> \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
> x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\
> xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x
> 02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x
> b1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
> 2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
> 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
> \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1
>
> [very large SNIP]
>
> x90\x90\x90\x90\x90" 414 337 "-" "-"
>
> This happened twice only this morning.
Somewhere in that very large snip, you should have found something like:
/bin/sh or command.exe or something. This is typical of a buffer
overflow exploit.
Ciao,
David A. Bandel
- --
Focus on the dream, not the competition.
Nemesis Racing Team motto
GPG key autoresponder: mailto:[EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/vBptj31PLQNUbV4RAr49AJ0ZkV15bZBsIdacy8TEdANoltuLxgCdFtOZ
/dn57tIq9tUwk55DbDo89pc=
=G7SQ
-----END PGP SIGNATURE-----
_______________________________________________
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc -> http://smtp.linux-sxs.org/mailman/listinfo/linux-users
