-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 19 Nov 2003 17:07:54 -0800
Ken Moffat <[EMAIL PROTECTED]> wrote:

> Anyone have a clue.... ?
>
> What is this, from my apache/access.log?
>
> 217.210.77.107 - - [19/Nov/2003:02:07:29 -0800] "SEARCH
> /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
> \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
> x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\
> xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x
> 02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x
> b1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x0
> 2\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
> 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
> \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1
>
> [very large SNIP]
>
> x90\x90\x90\x90\x90" 414 337 "-" "-"
>
> This happened twice only this morning.

Somewhere in that very large snip, you should have found something like:
/bin/sh or command.exe or something. This is typical of a buffer
overflow exploit.

Ciao,

David A. Bandel
- --
Focus on the dream, not the competition.
            Nemesis Racing Team motto
GPG key autoresponder: mailto:[EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/vBptj31PLQNUbV4RAr49AJ0ZkV15bZBsIdacy8TEdANoltuLxgCdFtOZ
/dn57tIq9tUwk55DbDo89pc=
=G7SQ
-----END PGP SIGNATURE-----
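Added example, not part of the original thread: a Python filter that flags access-log entries shaped like the one quoted above (many \xNN-escaped bytes, a run of \x90, a 414 status, an uncommon method). The thresholds, the expected-method set and the sample lines are assumptions constructed for illustration.

```python
import re

# Apache combined log format; non-printable request bytes are logged as \xNN.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>.*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)
ESCAPED_BYTE = re.compile(r'\\x[0-9a-fA-F]{2}')
NOP_RUN = re.compile(r'(?:\\x90){4,}')  # padding like the tail of the quoted entry
EXPECTED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}  # assumption: site policy

def classify(line, min_escaped=32):
    """Return the reasons a log line looks like an overflow attempt (empty if none)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return []
    request = m.group("request")
    reasons = []
    escaped = len(ESCAPED_BYTE.findall(request))
    if escaped >= min_escaped:  # threshold is an assumption, tune per site
        reasons.append(f"{escaped} escaped bytes in request")
    if NOP_RUN.search(request):
        reasons.append("run of \\x90 bytes")
    if m.group("status") == "414":
        reasons.append("status 414 (Request-URI Too Long)")
    method = request.split(" ", 1)[0]
    if method not in EXPECTED_METHODS:
        reasons.append(f"unexpected method {method}")
    return reasons

def scan(lines):
    """Return (client, reasons) for every line showing at least two indicators."""
    hits = []
    for line in lines:
        reasons = classify(line)
        if len(reasons) >= 2:  # a lone 414 from an over-long benign URL is not reported
            hits.append((LOG_RE.match(line.strip()).group("host"), reasons))
    return hits

# Constructed sample lines (documentation addresses, shortened padding).
SAMPLE = [
    '192.0.2.10 - - [19/Nov/2003:02:07:29 -0800] "SEARCH /\\x90'
    + '\\xb1\\x02' * 40 + '\\x90' * 5 + '" 414 337 "-" "-"',
    '192.0.2.20 - - [19/Nov/2003:02:08:01 -0800] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '192.0.2.30 - - [19/Nov/2003:02:09:12 -0800] "GET /q?' + 'a' * 50 + ' HTTP/1.1" 414 337 "-" "-"',
]

if __name__ == "__main__":
    for host, reasons in scan(SAMPLE):
        print(host, "; ".join(reasons))
```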