>
> I have found this is my apache logs
>
> 132.198.224.115 - - [18/Nov/2003:23:27:10 +1100] "SEARCH
> /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x
> b1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
> \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x
> 0
>
>
> whith lots more it gets a 400 return code
>
> I am interested to see what sort of an attack this is ? some
> quick searching on google hasn't found me anything.
>
> Any one else seen this, right now I am just blocking their IP address!
This is a webdav exploit.
Some of the M$ worms (nachi/welchia etc) use this as a secondary attack if port 135 is not available.
Cheers,
Marty
Netway Networks Pty Limited
t 02 - 8920 8877
f 02 - 8920 8866
e [EMAIL PROTECTED]
w http://www.netwaynetworks.com.au
-- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
