|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Which webserver exploit is this?
From: Michael Cook (michael
INK.ORG)Date: Sun Jul 23 2000 - 15:42:11 CDT
- Next message: Alexander Schreiber: "Re: Sudden increase in scans."
- Previous message: Aaron Kelley: "Re: Sudden increase in scans."
- In reply to: Matthew Breitenstine: "Re: Which webserver exploit is this?"
- Next in thread: Richard Bartlett: "Re: Which webserver exploit is this?"
- Reply: Michael Cook: "Re: Which webserver exploit is this?"
- Reply: Richard Bartlett: "Re: Which webserver exploit is this?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sat, 22 Jul 2000, Matthew Breitenstine wrote:
> his.ip.net - - [16/Jul/2000:20:21:10 -0500] "http://%a:%p/,HEAD /" 501 -
I have a similar entry appearing several days ago. It accompanied a very
noisy port scan (did a full connect scan to a wide range of ports on every
IP). I figured it was a misconfigured script being executed by some
k1ddi3z, with the %a and %p being substitute variables, like address and
port. I'm curious if anyone else knows what it is.
-- Michael Cook (michaelIgnorance is bliss; log to /dev/null.
- Next message: Alexander Schreiber: "Re: Sudden increase in scans."
- Previous message: Aaron Kelley: "Re: Sudden increase in scans."
- In reply to: Matthew Breitenstine: "Re: Which webserver exploit is this?"
- Next in thread: Richard Bartlett: "Re: Which webserver exploit is this?"
- Reply: Michael Cook: "Re: Which webserver exploit is this?"
- Reply: Richard Bartlett: "Re: Which webserver exploit is this?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]