To all,
Please forgive me if this is not appropriate for this list, but the
webmaster group doesn't have a clue about security.
I've been seeing the following in my http error logs lately:
[Mon Apr 19 18:30:28 1999] RP3: Info: The request header
'XXXXXXXXXXXXXXX' is not formatted correctly. This request header will
be skipped.
The error message is always exactly the same.
There has been no "one" IP address that's been sending this. Neither is
there any consistency (i.e. time, day of week, etc.)
But, about 95% of the time it comes from the following addresses:
cacheflow1.gw.utexas.edu [129.116.78.130]
flowbie2-outside.csc.com [192.251.173.34]
cacheflow.insync.net [209.113.31.202]
Question: Is someone trying to blow up my CGI stuff?
Is this something that certain browsers just "send"
along with valid requests? (like favicon.ico showing up because a IE5.0
sets me as a favorite)
Please help folks.
Thanks in advance,
Michael Sorbera
Webmaster/security guy/network engineer/whatever else needs to be
done...
Randolph-Brooks Federal Credit Union
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
