|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Snort-users] (no subject)
From: Larry Wichman (larrywichman
yahoo.com)
Date: Mon Sep 12 2005 - 14:46:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
hello all-
I am seeing several URL requests from one IP address (China) with the URL over and over
http://whateva.mydomain.comhttp://whateva.mydomain.comhttphttp://whateva.mydomain.com
httphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.
comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttp
http://whateva.mydomain.comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttp
This has triggered the following signature; WEB-MISC Invalid HTTP Version String
I read the description of the signature and it does not appear as though I am vulnerable to the exploit that is discussed. However, I am a bit concerned with the amount of requests (thousands). Does anyone have any ideas as to what type of exploit this could be?
Larry
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]