Return-Path: Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 87971 invoked by uid 500); 2 Apr 2003 15:20:48 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 87957 invoked from network); 2 Apr 2003 15:20:48 -0000 Received: from unknown (HELO amethyst.4lane.com) (64.30.49.16) by daedalus.apache.org with SMTP; 2 Apr 2003 15:20:48 -0000 Received: from localhost (localhost [127.0.0.1]) by amethyst.4lane.com (Postfix) with ESMTP id BF73E58007 for ; Wed, 2 Apr 2003 10:20:45 -0500 (EST) Received: from [10.21.30.80] (unknown [10.21.30.80]) by amethyst.4lane.com (Postfix) with ESMTP id 42B0858006 for ; Wed, 2 Apr 2003 10:20:45 -0500 (EST) From: Lee Fellows To: users@httpd.apache.org In-Reply-To: <006501c2f927$8b9f2a20$1a01a8c0@vishal> References: <006501c2f927$8b9f2a20$1a01a8c0@vishal> Content-Type: text/plain Organization: Message-Id: <1049296834.1336.58.camel@darkstar.internal.4lane.com> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.3 Date: 02 Apr 2003 10:20:34 -0500 Content-Transfer-Encoding: 7bit X-Virus-Scanned: AMaViS new-20020517 / ClamAV 0.22 X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: Re: [users@httpd] Invalid method in request \x80L\x01\x03 On Wed, 2003-04-02 at 09:52, System wrote: > Hello All, > > since yesterday httpd logfiles are filling with entries like these: > > [Wed Apr 2 09:43:01 2003] [error] [client 64.133.59.136] Invalid method in > request \x80L\x01\x03 > > Does anybody have seen this before? I never saw the \x??? request stuff > before. Maybe some kind of DoS attack / exploit attempt? > This is almost funny. Didn't we see precisely the same pattern once before just recently? What does the corresponding entry in your access_log file look like? My guess is someone attempted to access a non-https port using the https protocol. Now whether this was accidental, i.e., someone entering https://xxx.xxx.xxx.xxx:80/, or someone attempting to correctly access port 443 when the host monitoring that port is not configured for SSL, I do not know. -- Lee Fellows --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org