httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <rob...@profundis.nu>
Subject Re: access & error logs -- attempted crack?
Date Mon, 15 Jul 2002 06:12:06 GMT
Sorry for not replying soner. The 6667 stuff do really puzzle me, and I
doubt I will be able to give you any answer.
What we see is, that something (on 207.114.6.10) connected to yourip:80 and
sent Apache a request like:
"CONNECT 207.114.6.11:6667 HTTP/1.0"

where you would normally see something like:
"GET /folder/file.html HTTP/1.1"

Apache naturally respondes with a 405 - Method Not Allowed, where the method
would be "CONNECT". I have really no idea why anyone would be doing this,
but I'm somewhat sure it has nothing to do with the other (CodeRed) log
lines. I don't think there is a CONNECT method in the HTTP standard; I'm not
certain but almost. I should go look it up, but too lazy right now ;-).
Anyway, I don't think you need to worry about that one either.

Regards,
Robert Andersson


----- Original Message -----
From: "Gary Turner" <kk5st@swbell.net>
To: <users@httpd.apache.org>; "Robert Andersson" <robert@profundis.nu>
Sent: Thursday, July 11, 2002 9:35 PM
Subject: Re: access & error logs -- attempted crack?


> On Thu, 11 Jul 2002 10:44:43 +0200, Robert Andersson wrote:
>
> >Looks like CodeRed or similar clone, which try to exploit a buffer
overflow
> >in MS IIS. It´'s now known that Apache (<1.3.26 && <2.0.39) has a
similar
> >bug, but I don't know how such an attack would look like. But these log
> >entries are certainly intended for IIS.
>
> Thanks to both Robert and Stephen for timely, helpful answers.  I knew
> there was a reason to run Linux :)
>
> On the other access.log entry,
>
> 207.114.6.10 - - [10/Jul/2002:21:32:02 -0500] "CONNECT 207.114.6.11:6667
> HTTP/1.0" 405 307 "-" "-"
>
> can anyone explain this?  IRC port?
> --
> gt
> It ain't so much what you don't know that gets you in trouble---
> it's what you do know that ain't so.--unk
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message