At 11:45 AM 6/8/2003 -0400, you wrote:
I see the usual attempts at running windows scripts, but one thing
stumps me. I see this occasionally as well, from different addresses
on the same subnet as me (64.x.x.x):

64.229.89.4 - - [07/Jun/2003:23:59:37 -0400] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u780
1%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53
ff%u0078%u0000%u00=a  HTTP/1.0" 404 393 "-" "-"

it doesn't correspond with any "visitors" to the server.

I'm Googling now, but anyone know what this is?

--
 Joehill

at a guess...malformed packet. Apache IIRC discards them at port entry. Windows doesn't & tries to read it less you have zonealarm or another good firewall. Linux by itself will try to read it too. This results (with enough of them) in a crash of the OS.


This ofc assumes I'm correct. I also assume a spoofed IP addy from a script kiddy.

-------------
FemmeFatale, aka The Skirt

Good Decisions Your boss Made:
"We'll do as you suggest and go with Linux. I've always liked that
character from Peanuts."

- Source: Dilbert
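
A log check for requests shaped like the one quoted in this thread, as an added example that is not part of the original messages: it parses Apache access-log entries and flags `.ida` requests whose query string carries a long run of one filler character or `%u`-encoded words, and records the status the server returned. The sample entries, their addresses, the 64-character threshold and the function names are constructed for illustration.

```python
import re

# Apache common/combined log entry: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*)" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "[^"]*" "[^"]*")?\s*$'
)
PAD_RE = re.compile(r'(.)\1{63,}')          # one character repeated 64+ times (assumed threshold)
UENC_RE = re.compile(r'%u[0-9a-fA-F]{4}')   # %uXXXX-encoded 16-bit words

def inspect(line):
    """Return a finding for an .ida request carrying filler or %u words, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    parts = m['request'].split()             # tolerates the double space before HTTP/1.0
    if len(parts) < 2:
        return None
    path, _, query = parts[1].partition('?')
    if not path.lower().endswith('.ida'):
        return None
    pad = PAD_RE.search(query)
    uwords = len(UENC_RE.findall(query))
    if not pad and uwords == 0:
        return None
    return {
        'host': m['host'], 'time': m['time'], 'status': int(m['status']),
        'pad_len': len(pad.group(0)) if pad else 0, 'u_words': uwords,
        # 2xx means the server answered with content; 404 means nothing matched the path.
        'served': m['status'].startswith('2'),
    }

def scan(lines):
    """Run inspect() over an iterable of log lines and keep only the findings."""
    return [f for f in map(inspect, lines) if f]

# Constructed sample entries; the first is modelled on the entry quoted in the thread.
TAIL = ('%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003'
        '%u8b00%u531b%u53ff%u0078%u0000%u00=a')
SAMPLE = [
    '192.0.2.10 - - [07/Jun/2003:23:59:37 -0400] "GET /default.ida?' + 'X' * 224 + TAIL
    + '  HTTP/1.0" 404 393 "-" "-"',
    '192.0.2.20 - - [08/Jun/2003:00:01:02 -0400] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"',
    '192.0.2.30 - - [08/Jun/2003:00:05:10 -0400] "GET /default.ida HTTP/1.0" 404 290 "-" "-"',
]

if __name__ == '__main__':
    for finding in scan(SAMPLE):
        print(finding)
```

Grouping the findings by `host` shows whether the requests come from a handful of neighbours or from many addresses, which is the pattern the original poster describes.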


