httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From io...@comcast.net
Subject Re: [users@httpd] strange entries in my apache access log
Date Mon, 04 Aug 2003 07:02:46 GMT

--> Sunday, August 3, 2003, 11:04:46 PM, you wrote:

> I got the following lines in my apache access log:

> 38.117.14.13 - - [03/Aug/2003:20:58:35 -0500] "\x04\x01" 200 24444 "-" "-"
> 38.117.14.13 - - [03/Aug/2003:20:58:58 -0500] "\x05\x01" 200 24444 "-" "-"
> 38.117.14.13 - - [03/Aug/2003:20:59:01 -0500] "CONNECT 205.188.160.120:80 HTTP/1.1" 200
32945 "-" "-"
> 38.117.14.13 - - [03/Aug/2003:20:59:01 -0500] "GET / HTTP/1.0" 200 0 "-" "-"
> 132.24

> If i don´t have proxies enabled, why is it accepting CONNECT requests? I
> didn´t change anything in the standard httpd.conf file, related to
> proxies, am I having an open proxy? and what is "\x04\x01" for?

If you assume those are supposed to be hex values of ascii characters...

  1 = SOH = Start of Heading
  4 = EOT = End of Transmission
  5 = END = Enquiry

Looks to me like the ever present delimiter insertion type of exploit.

-Tomi


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message