From: Nexus (nexuspatrol.i-way.co.uk)
Date: Tue Feb 12 2002 - 11:17:18 CST

    Hi folks,
        Has anyone seen a request like this before? It's either a l33t0 trick
    or some seriously broken code; since I've never seen this sequence before I
    was curious if anyone else has. This hit an sshd listening on port 80 btw,
    source IP obviously changed ;-)

    Cheers.

    Feb 8 06:41:55 wulfgar sshd[7582]: Connection from 1.2.3.4 port 1787
    Feb 8 06:41:55 wulfgar sshd[7582]: Bad protocol version identification 'http://%a:%p/,HEAD /' from 1.2.3.4
    Feb 8 06:45:36 wulfgar sshd[7583]: Connection from 1.2.3.4 port 2281
    Feb 8 06:45:36 wulfgar sshd[7584]: Connection from 1.2.3.4 port 2282
    Feb 8 06:45:51 wulfgar sshd[7584]: Bad protocol version identification '' from 1.2.3.4
    Feb 8 06:55:41 wulfgar sshd[7583]: fatal: Timeout before authentication for 1.2.3.4

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
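
Added example, not part of the original post: a Python triage of the sshd entries above that labels the string each client sent in place of an SSH identification banner and counts pre-authentication timeouts per source. Treating a string that carries an HTTP method or URL scheme as "http-like" is an assumption of this example, as are the function names and labels.

```python
import re
from collections import defaultdict

# Log lines from the post with the mail wrapping undone
# (1.2.3.4 is the poster's placeholder address).
SAMPLE_LOG = """\
Feb 8 06:41:55 wulfgar sshd[7582]: Connection from 1.2.3.4 port 1787
Feb 8 06:41:55 wulfgar sshd[7582]: Bad protocol version identification 'http://%a:%p/,HEAD /' from 1.2.3.4
Feb 8 06:45:36 wulfgar sshd[7583]: Connection from 1.2.3.4 port 2281
Feb 8 06:45:36 wulfgar sshd[7584]: Connection from 1.2.3.4 port 2282
Feb 8 06:45:51 wulfgar sshd[7584]: Bad protocol version identification '' from 1.2.3.4
Feb 8 06:55:41 wulfgar sshd[7583]: fatal: Timeout before authentication for 1.2.3.4
"""

LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\ssshd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
# Greedy banner match: the last "' from <src>" on the line ends the banner.
BAD_ID = re.compile(r"^Bad protocol version identification '(?P<banner>.*)' from (?P<src>\S+)$")
TIMEOUT = re.compile(r"^fatal: Timeout before authentication for (?P<src>\S+)$")
# Assumption: an HTTP method followed by " /", or a URL scheme, marks HTTP traffic.
HTTP_HINT = re.compile(r"\b(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) /|https?://", re.I)

def classify_banner(banner):
    """Label the first line a client sent where sshd expected 'SSH-...'."""
    if banner == "":
        return "empty"
    if banner.startswith("SSH-"):
        return "ssh-like"
    if HTTP_HINT.search(banner):
        return "http-like"
    return "other"

def triage(log_text):
    """Return {source: {label: count}} for pre-auth failures in sshd syslog lines."""
    summary = defaultdict(lambda: defaultdict(int))
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        bad = BAD_ID.match(line.group("msg"))
        timed_out = TIMEOUT.match(line.group("msg"))
        if bad:
            summary[bad.group("src")][classify_banner(bad.group("banner"))] += 1
        elif timed_out:
            summary[timed_out.group("src")]["auth-timeout"] += 1
    return {src: dict(labels) for src, labels in summary.items()}

if __name__ == "__main__":
    for src, labels in triage(SAMPLE_LOG).items():
        print(src, labels)
```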