incubusSECURAX.ORG

• Next message: Rich Puhek: "Strange distributed scan/probe activity"
• Previous message: Michal Nazarewicz: "Re: I Was rooted"
• In reply to: Matthew Breitenstine: "Re: Which webserver exploit is this?"
• Next in thread: Michael Cook: "Re: Which webserver exploit is this?"
• Reply: The Incubus: "Re: Which webserver exploit is this?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I think it's a an error
some program is about to execute a HEAD / on your address (%a, a variable)
and : you port (%p, also a variable)
I mean, probably some programming language, (don't ask me wich, i only know
and *love* C) which will put an adress in %a and a portnumber (probably 80)
in %p.

Nothing, to worry about, another kiddie whois trying another mass scan
program.

Incubus

----- Oorspronkelijk bericht -----
Van: "Matthew Breitenstine" <matthewSTRANDED.ORG>
Aan: <INCIDENTSSECURITYFOCUS.COM>
Verzonden: zondag 23 juli 2000 0:52
Onderwerp: Re: Which webserver exploit is this?

> I got the same thing the other day.
>
> his.ip.net - - [16/Jul/2000:20:21:10 -0500] "http://%a:%p/,HEAD /" 501 -
>
>
> But mine had a different error code (501) Anyone have a suggestion?
>
> -Matthew
>
> On Sat, 22 Jul 2000, Jaap wrote:
>
> > Hi,
> >
> > I'm running a some Linux/apache webservers, and all of them have this
> > somewhere in the logs. Now I don't mind ppl. trying things,
> > but I would like to know what their trying.
> >
> > Any ideas?
> >
> > his.ip.net - - [21/May/2000:20:02:14 +0200] "http://%a:%p/,HEAD /" 403 -
> >
> > Grtz,
> >
> > Jaap
> >
>

• Next message: Rich Puhek: "Strange distributed scan/probe activity"
• Previous message: Michal Nazarewicz: "Re: I Was rooted"
• In reply to: Matthew Breitenstine: "Re: Which webserver exploit is this?"
• Next in thread: Michael Cook: "Re: Which webserver exploit is this?"
• Reply: The Incubus: "Re: Which webserver exploit is this?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]